cvedb.io
CVE-2025-20368
MEDIUM · CVSS 5.7
EPSS exploitation probability: 0%
Published 2025-10-01T17:15:39.893 · Last modified 2026-06-17T08:41:37.537

Summary

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user.

Affected products

splunk — splunk

Does this affect you?

Add your gear to cvedb and we'll alert you only when splunk ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.