{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20320", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.254Z", "datePublished": "2025-07-07T17:47:59.569Z", "dateUpdated": "2025-07-08T13:37:17.043Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.4", "status": "affected", "versionType": "custom", "lessThan": "9.4.3"}, {"version": "9.3", "status": "affected", "versionType": "custom", "lessThan": "9.3.5"}, {"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.7"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.10"}]}, {"product": "Splunk Enterprise Cloud", "vendor": "Splunk", "versions": [{"version": "9.3.2411", "status": "affected", "versionType": "custom", "lessThan": "9.3.2411.107"}, {"version": "9.3.2408", "status": "affected", "versionType": "custom", "lessThan": "9.3.2408.117"}, {"version": "9.2.2406", "status": "affected", "versionType": "custom", "lessThan": "9.2.2406.121"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."}], "value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2025-0703"}], "title": "Denial of Service (DoS) through \u201cUser Interface - Views\u201c configuration page in Splunk Enterprise", "datePublic": "2025-07-07T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.", "cweId": "CWE-35"}]}], "source": {"advisory": "SVD-2025-0703"}, "credits": [{"lang": "en", "value": "Danylo Dmytriiev (DDV_UA)"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-07-07T17:47:59.569Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T13:37:10.108433Z", "id": "CVE-2025-20320", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T13:37:17.043Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20320", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T13:37:10.108433Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T13:37:14.248Z"}}], "cna": {"title": "Denial of Service (DoS) through \u201cUser Interface - Views\u201c configuration page in Splunk Enterprise", "source": {"advisory": "SVD-2025-0703"}, "credits": [{"lang": "en", "value": "Danylo Dmytriiev (DDV_UA)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "9.4", "lessThan": "9.4.3", "versionType": "custom"}, {"status": "affected", "version": "9.3", "lessThan": "9.3.5", "versionType": "custom"}, {"status": "affected", "version": "9.2", "lessThan": "9.2.7", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.10", "versionType": "custom"}]}, {"vendor": "Splunk", "product": "Splunk Enterprise Cloud", "versions": [{"status": "affected", "version": "9.3.2411", "lessThan": "9.3.2411.107", "versionType": "custom"}, {"status": "affected", "version": "9.3.2408", "lessThan": "9.3.2408.117", "versionType": "custom"}, {"status": "affected", "version": "9.2.2406", "lessThan": "9.2.2406.121", "versionType": "custom"}]}], "datePublic": "2025-07-07T00:00:00.000Z", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2025-0703"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-35", "description": "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory."}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-07-07T17:47:59.569Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20320", "state": "PUBLISHED", "dateUpdated": "2025-07-08T13:37:17.043Z", "dateReserved": "2024-10-10T19:15:13.254Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-07-07T17:47:59.569Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F363265C-BE8B-4D9E-BCD7-52D75D4454BA", "versionEndExcluding": "9.1.10", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "16D7B94B-6E57-4462-BDB1-884E3268967D", "versionEndExcluding": "9.2.7", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2AE238E0-742D-4595-8F72-C2D7256718EA", "versionEndExcluding": "9.3.5", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6E95070D-E7E2-40F7-8282-0964FC1664F4", "versionEndExcluding": "9.4.3", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "69993EB7-DEC3-416D-AD92-72B87A714DAA", "versionEndExcluding": "9.2.2406.121", "versionStartIncluding": "9.2.2406", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "45C46DB9-D18B-4A8D-ABBE-88C1AA326903", "versionEndExcluding": "9.3.2408.117", "versionStartIncluding": "9.3.2408", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EFAE9C0-842B-4E8E-BEC2-B96B1EA0C9C1", "versionEndExcluding": "9.3.2411.107", "versionStartIncluding": "9.3.2411", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a 9.4.3, 9.3.5, 9.2.7 y 9.1.10, y de Splunk Cloud Platform anteriores a 9.3.2411.107, 9.3.2408.117 y 9.2.2406.121, un usuario con privilegios bajos que no tenga los roles de administrador o de alto nivel de Splunk podr\u00eda manipular un payload malicioso a trav\u00e9s de la p\u00e1gina de configuraci\u00f3n \"Interfaz de usuario - Vistas\", lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS). El usuario podr\u00eda causar la denegaci\u00f3n de servicio (DoS) explotando una vulnerabilidad de path traversal que permite la eliminaci\u00f3n de archivos arbitrarios dentro de un directorio de Splunk. La vulnerabilidad requiere que el usuario con privilegios bajos suplante a la v\u00edctima con nivel de administrador, enga\u00f1\u00e1ndola para que inicie una solicitud en su navegador. El usuario con privilegios bajos no deber\u00eda poder explotar la vulnerabilidad a voluntad."}], "id": "CVE-2025-20320", "lastModified": "2025-07-21T20:58:05.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 4.2, "source": "psirt@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-07T18:15:25.987", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2025-0703"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-35"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}