Unrated severityNVD Advisory· Published Jul 7, 2025· Updated Jul 7, 2025

Missing Access Control of Saved Searches in the Splunk Archiver app

CVE-2025-20323

Description

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search Bucket Copy Trigger within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.

Affected products

Splunk/Splunk Enterprisellm-fuzzy
Range: versions below 9.4.3, 9.3.5, 9.2.7, 9.1.10
Splunk/Splunk Enterprisev5
Range: 9.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

advisory.splunk.com/advisories/SVD-2025-0706mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000