DoS via Path Traversal in Splunk Enterprise <9.4.3 (Views conf)
CVE-2025-20320 Published on July 7, 2025

Denial of Service (DoS) through “User Interface - Views“ configuration page in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.

NVD

Weakness Type

Path Traversal: '.../...//'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Products Associated with CVE-2025-20320

stack.watch emails you whenever new vulnerabilities are published in Splunk or Splunk Cloud Platform. Just hit a watch button to start following.

Splunk

Splunk Cloud Platform

Affected Versions

Splunk Enterprise:

Version 9.4 and below 9.4.3 is affected.
Version 9.3 and below 9.3.5 is affected.
Version 9.2 and below 9.2.7 is affected.
Version 9.1 and below 9.1.10 is affected.

Splunk Enterprise Cloud:

Version 9.3.2411 and below 9.3.2411.107 is affected.
Version 9.3.2408 and below 9.3.2408.117 is affected.
Version 9.2.2406 and below 9.2.2406.121 is affected.

Exploit Probability

EPSS

0.10%

Percentile

27.66%