In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will.
                
            References
                    | Link | Resource | 
|---|---|
| https://advisory.splunk.com/advisories/SVD-2025-0302 | Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| 
 | 
History
                    21 Jul 2025, 20:48
| Type | Values Removed | Values Added | 
|---|---|---|
| CPE | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* cpe:2.3:a:splunk:splunk:9.4.0:*:*:*:enterprise:*:*:* cpe:2.3:a:splunk:splunk_secure_gateway:*:*:*:*:*:*:*:* | |
| References | () https://advisory.splunk.com/advisories/SVD-2025-0302 - Vendor Advisory | |
| First Time | Splunk Splunk splunk Splunk splunk Secure Gateway | 
27 Mar 2025, 16:45
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | 
 | 
26 Mar 2025, 22:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-03-26 22:15
Updated : 2025-07-21 20:48
NVD link : CVE-2025-20231
Mitre link : CVE-2025-20231
CVE.ORG link : CVE-2025-20231
JSON object : View
Products Affected
                splunk
- splunk_secure_gateway
- splunk
CWE
                
                    
                        
                        CWE-532
                        
            Insertion of Sensitive Information into Log File
