What is the CVSS score of CVE-2025-20369?

CVE-2025-20369 has a CVSS 3.1 base score of 4.6 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L. EPSS exploitation probability: 0.1%.

Which versions of Splunk Cloud Platform are affected by CVE-2025-20369?

Organizations using Splunk Enterprise should be aware of moderate risk from CVE-2025-20369 rated CVSS 4.6. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-20369?

Within 30 days: Identify affected systems running Splunk Enterprise and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Splunk Cloud Platform CVE-2025-20369

EUVD-2025-32718 MEDIUM

Improper Restriction of Recursive Entity References in DTDs (CWE-776)

2025-10-01 psirt@cisco.com

XXE Denial Of Service Splunk Cloud Platform Splunk

4.6

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.6 MEDIUM

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

9.2.2406.123,9.3.6,9.3.2411.108

EUVD ID Assigned

Mar 13, 2026 - 18:18 euvd

EUVD-2025-32718

Analysis Generated

Mar 13, 2026 - 18:18 vuln.today

CVE Published

Oct 01, 2025 - 17:15 nvd

MEDIUM 4.6

DescriptionCVE.org

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks.

Analysis

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Improper Restriction of Recursive Entity References in DTDs (CWE-776).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

More from same product – last 7 days

CVE-2026-20254 MEDIUM This Month

5.7 Jun 10

CSS injection in Splunk Enterprise and Splunk Cloud Platform classic dashboards enables credential and sensitive data ex

CVE-2026-20255 MEDIUM This Month

5.7 Jun 10

Classic dashboard URL validation bypass in Splunk Enterprise and Splunk Cloud Platform enables low-privileged authentica

CVE-2026-20256 MEDIUM This Month

5.7 Jun 10

Classic dashboard drill-down links in Splunk Enterprise and Splunk Cloud Platform can be weaponized by low-privileged au

CVE-2026-20257 MEDIUM This Month

5.7 Jun 10

Classic dashboard style attribute injection in Splunk Enterprise and Splunk Cloud Platform enables a low-privileged auth

CVE-2026-20259 MEDIUM This Month

5.5 Jun 10

Improper access control on the saved search ownership reassignment endpoint in Splunk Enterprise and Splunk Cloud Platfo

CVE-2025-20369 vulnerability details – vuln.today

Back

Splunk Cloud Platform CVE-2025-20369

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code