Improper access control in Splunk Enterprise and Splunk Secure Gateway - CVE-2025-20230

 


Published: March 26, 2025


Vulnerability identifier: #VU106069
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-20230
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Splunk Inc.
Affected software:
Splunk Enterprise
Splunk Secure Gateway

Detailed vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and edit or delete other users' data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created.


How to mitigate CVE-2025-20230

Install updates from the vendor's website.
