How severe is CVE-2025-20231?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2025-20231?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2025-20231 - HIGH Severity | CVSS 7.1

Vulnerability Description

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will.

Related Vulnerabilities

CVE-2022-20806

HIGH

CVSS:7.1(High)

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker...

CWE-5322022

CVE-2024-24272

HIGH

CVSS:7.1(High)

An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed ...

CWE-5322024

CVE-2024-28186

HIGH

CVSS:7.1(High)

FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization ...

CWE-5322024

CVE-2018-18466

HIGH

CVSS:7.0(High)

An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in th...

CWE-5322018

CVE-2020-6295

HIGH

CVSS:7.0(High)

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log file...

CWE-5322020

CVE-2021-1442

HIGH

CVSS:7.0(High)

A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrat...

CWE-5322021