VYPR
Unrated severityNVD Advisory· Published Mar 26, 2025· Updated Mar 27, 2025

Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio

CVE-2025-20227

Description

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Splunk/Splunk Cloud Platformllm-fuzzy2 versions
    <9.3.2408.107, <9.2.2406.112, <9.2.2403.115, <9.1.2312.208, <9.1.2308.214+ 1 more
    • (no CPE)range: <9.3.2408.107, <9.2.2406.112, <9.2.2403.115, <9.1.2312.208, <9.1.2308.214
    • (no CPE)range: 9.3.2408
  • Splunk/Splunk Enterprisellm-fuzzy2 versions
    <9.4.1, <9.3.3, <9.2.5, <9.1.8+ 1 more
    • (no CPE)range: <9.4.1, <9.3.3, <9.2.5, <9.1.8
    • (no CPE)range: 9.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.