Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio

Advisory ID: SVD-2025-0306

CVE ID: CVE-2025-20227

Published: 2025-03-26

Last Update: 2025-03-26

CVSSv3.1 Score: 4.3, Medium

CWE: CWE-20

Bug ID: VULN-21589

Description

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards, which could lead to an information disclosure.

For more information about configuring trusted external domains for dashboards, see Configure Dashboards Trusted Domains List.

Solution

Upgrade Splunk Enterprise to versions 9.1.8, 9.2.5, 9.3.3, 9.4.1, or higher.

Splunk is actively monitoring and patching Splunk Cloud Platform instances.

Product Status

| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise | 9.4 | Splunk Dashboards | 9.4.0 | 9.4.1 |
| Splunk Enterprise | 9.3 | Splunk Dashboards | 9.3.0 to 9.3.2 | 9.3.3 |
| Splunk Enterprise | 9.2 | Splunk Dashboards | 9.2.0 to 9.2.4 | 9.2.5 |
| Splunk Enterprise | 9.1 | Splunk Dashboards | 9.1.0 to 9.1.7 | 9.1.8 |
| Splunk Cloud Platform | 9.3.2408 | Splunk Dashboards | 9.3.2408.100 to 9.3.2408.106 | 9.3.2408.107 |
| Splunk Cloud Platform | 9.2.2406 | Splunk Dashboards | 9.2.2406.100 to 9.2.2406.112 | 9.2.2406.113 |
| Splunk Cloud Platform | 9.2.2403 | Splunk Dashboards | Below 9.2.2403.115 | 9.2.2403.115 |
| Splunk Cloud Platform | 9.1.2312 | Splunk Dashboards | Below 9.1.2312.208 | 9.1.2312.208 |
| Splunk Cloud Platform | 9.1.2308 | Splunk Dashboards | Below 9.1.2308.214 | 9.1.2308.214 |

Mitigations and Workarounds

The vulnerability affects instances with Splunk Web turned on. Turning Splunk Web off is a possible workaround.

See Disable unnecessary Splunk Enterprise components and the web.conf configuration specification file for more information on disabling Splunk Web.
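
The following triage sketch is an added example, not part of Splunk's advisory: it combines the Fix Version column of the Product Status table with the Splunk Web workaround to classify a host. The function names, host names and sample inputs are hypothetical, and the web.conf text is assumed to be the host's effective merged settings with `startwebserver` under `[settings]`.

```python
import configparser

# First fixed version per release line, from the Fix Version column above.
FIXED = {
    "9.4": "9.4.1", "9.3": "9.3.3", "9.2": "9.2.5", "9.1": "9.1.8",
    "9.3.2408": "9.3.2408.107", "9.2.2406": "9.2.2406.113",
    "9.2.2403": "9.2.2403.115", "9.1.2312": "9.1.2312.208",
    "9.1.2308": "9.1.2308.214",
}

def _key(version):
    return tuple(int(part) for part in version.strip().split("."))

def status_for(version):
    """Return (status, fix_version) for an Enterprise (x.y.z) or Cloud (x.y.build.patch) version."""
    line = ".".join(version.strip().split(".")[:-1])  # release line = all but last field
    fixed = FIXED.get(line)
    if fixed is None:
        return ("unlisted", None)  # release line not in the advisory table
    return ("affected" if _key(version) < _key(fixed) else "fixed", fixed)

def web_enabled(web_conf_text):
    """True unless [settings] startwebserver = 0 (Splunk Web is on by default)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(web_conf_text)
    value = parser.get("settings", "startwebserver", fallback="1")
    return value.strip() != "0"

def triage(version, web_conf_text):
    status, fixed = status_for(version)
    if status != "affected":
        return status
    if web_enabled(web_conf_text):
        return f"exposed: upgrade to {fixed} or higher"
    return f"affected, Splunk Web off: upgrade to {fixed} or higher"

# Constructed sample: merged web.conf settings from a host with Splunk Web disabled.
SAMPLE_WEB_OFF = "[settings]\nstartwebserver = 0\n"

if __name__ == "__main__":
    for host, version, conf in [  # constructed inventory rows
        ("idx-01", "9.3.2", ""),
        ("hf-02", "9.2.4", SAMPLE_WEB_OFF),
        ("sh-03", "9.4.1", ""),
        ("cloud-stack", "9.2.2406.112", ""),
    ]:
        print(host, version, triage(version, conf))
```

A host reported as "affected, Splunk Web off" still needs the upgrade; the workaround only removes the exposed component until the fix is installed.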

Detections

None

Severity

Splunk rates this vulnerability a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Acknowledgments

Taihei Shimamine