CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user.

CVSS v3 2.5 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2025-0310

Configurations

No configuration.

History

27 Mar 2025, 16:45

Type	Values Removed	Values Added
Summary		(es) En las versiones de Splunk App for Lookup File Editing anteriores a la 4.0.5, un script de la aplicación utilizaba las funciones de Python `chmod` y `makedirs`, lo que resultaba en permisos de lectura y ejecución excesivamente amplios. Esto podía generar un control de acceso inadecuado para un usuario con pocos privilegios.

26 Mar 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-26 22:15

Updated : 2025-03-27 16:45

NVD link : CVE-2025-20233

Mitre link : CVE-2025-20233

CVE.ORG link : CVE-2025-20233

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

2.5 /10