Unrated severity · NVD Advisory · Published Oct 1, 2025 · Updated Oct 1, 2025
Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise
CVE-2025-20369
Description
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks.
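The Python example below is added here and is not code from Splunk or from the advisory. It shows why an entity-expanding XML parser behind a label field is a denial-of-service risk: a nested-entity DTD turns a four-byte entity reference in `<label>` into a label thousands of characters long, while a stdlib `expat` parser that rejects every `<!ENTITY>` declaration before expansion refuses the same document. The Simple-XML-style dashboard document, the `e0..eN` entity names and the `parse_dashboard_label` / `hardened_rejects` helpers are constructed for this illustration; whether and how the real dashboard tab label reaches such a parser is not described on this page.

```python
"""Entity-expansion XXE against a dashboard <label> and a stdlib-only mitigation.

Added example, not Splunk code. The document and payload are constructed here;
the assumption is that the label value reaches an XML parser that honours DTD
entity declarations.
"""
from xml.parsers import expat


class EntityDeclRejected(ValueError):
    """Raised by the hardened parser when the document declares any entity."""


def build_expansion_payload(fanout=10, depth=3, seed="lol"):
    """Constructed dashboard XML whose <label> holds a nested-entity payload.

    Entity e0 is the seed; each e{i} references e{i-1} `fanout` times, so
    &e{depth}; expands to len(seed) * fanout**depth characters although the
    reference itself is only a few bytes.
    """
    decls = ['<!ENTITY e0 "%s">' % seed]
    for i in range(1, depth + 1):
        refs = ("&e%d;" % (i - 1)) * fanout
        decls.append('<!ENTITY e%d "%s">' % (i, refs))
    dtd = "<!DOCTYPE dashboard [%s]>" % "".join(decls)
    return dtd + "<dashboard><label>&e%d;</label><row/></dashboard>" % depth


def parse_dashboard_label(xml_text, allow_entities):
    """Return the text of <label>, expanding entities unless forbidden.

    allow_entities=True mirrors a parser that expands DTD entities (the
    vulnerable behaviour). False installs an EntityDeclHandler that raises
    as soon as any <!ENTITY> appears, before any expansion can happen.
    """
    parser = expat.ParserCreate()
    state = {"in_label": False, "chunks": []}

    def start(name, attrs):
        if name == "label":
            state["in_label"] = True

    def end(name):
        if name == "label":
            state["in_label"] = False

    def chars(data):
        # expat delivers expanded entity text here, possibly in several chunks
        if state["in_label"]:
            state["chunks"].append(data)

    def reject_entity(name, is_param, value, base, system_id, public_id, notation):
        raise EntityDeclRejected("entity declaration %r not allowed in dashboard XML" % name)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    if not allow_entities:
        parser.EntityDeclHandler = reject_entity
    parser.Parse(xml_text, True)
    return "".join(state["chunks"])


def amplification(xml_text):
    """Ratio of expanded label size to the size of the submitted document."""
    label = parse_dashboard_label(xml_text, allow_entities=True)
    return len(label) / len(xml_text)


def hardened_rejects(xml_text):
    """True if the hardened (no-entity) parser refuses the document."""
    try:
        parse_dashboard_label(xml_text, allow_entities=False)
    except EntityDeclRejected:
        return True
    return False


if __name__ == "__main__":
    payload = build_expansion_payload()
    print("document chars:", len(payload))
    print("expanded label chars:", len(parse_dashboard_label(payload, True)))
    print("amplification: %.1fx" % amplification(payload))
    print("hardened parser rejects payload:", hardened_rejects(payload))
    benign = "<dashboard><label>Ops &amp; SRE</label></dashboard>"
    print("benign label still parses:", parse_dashboard_label(benign, False))
```

The defaults keep the expansion small (3 characters times 10 to the power 3) so the script finishes instantly; raising `depth` or `fanout` is what turns this into the classic memory and CPU exhaustion the advisory calls denial of service, and recent libexpat builds will abort such runs on their own amplification limit. Predefined entities such as `&amp;` are not DTD declarations, so the hardened mode still accepts ordinary labels.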
Affected products
- Splunk Cloud Platform: <9.2.2406.123, <9.3.2408.118, <9.3.2411.108
- Splunk Enterprise: <9.2.8, <9.3.6, <9.4.4
- Splunk/Splunk Cloud Platform: Range 9.3.2411
- Splunk/Splunk Enterprise: Range 10.0
Patches
No patches discovered yet.
References
News mentions: no linked articles in our index yet.