

CVE-2025-5068 – Google Chrome Vulnerability
June 3, 2025
Multiple IBM Products Vulnerabilities
June 3, 2025
Severity
Medium
Analysis Summary
CVE-2025-20297 CVSS:4.3
In Cisco Splunk Enterprise and Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in the execution of unauthorized JavaScript code in the browser of a user.
CVE-2025-20298 CVSS:8
In Universal Forwarder for Windows, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
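One way to check a host for the condition CVE-2025-20298 describes, as an added example that is not from the advisory or from Splunk: the script lists Allow entries on the installation directory's ACL that name broad non-administrator groups. The group list, the `$InstallDir` parameter and the `Get-BroadAccessEntry` function name are assumptions of this example, and it inspects the top-level directory only.

```powershell
# Added example: audit the Universal Forwarder installation directory ACL.
# The default path comes from the advisory text; the SID list below is an
# assumption about which principals count as "non-administrator users".
param(
    [string]$InstallDir = 'C:\Program Files\SplunkUniversalForwarder'
)

# Well-known SIDs for broad, non-administrative principals.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-BroadAccessEntry {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Deny entries restrict access; only Allow entries are of interest here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            # Compare by SID so localized group names still match.
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            continue   # orphaned or unresolvable account, not a broad group
        }
        if ($BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-BroadAccessEntry -Path $InstallDir)
if ($findings.Count -eq 0) {
    Write-Output "No Allow entries for broad non-admin groups on $InstallDir"
} else {
    $findings | Format-Table -AutoSize
}
```

Whether a reported entry is expected depends on the fixed version's intended permissions, so compare the output against the vendor advisory rather than treating every row as a finding.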
Impact
- Code Execution
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-20297
CVE-2025-20298
Affected Vendors
- Cisco
Affected Products
- Cisco Splunk Enterprise - 9.4
- Cisco Splunk Enterprise - 9.3
- Cisco Splunk Enterprise - 9.2
- Cisco Splunk Enterprise - 9.1
- Cisco Splunk Cloud Platform - 9.3.2411
- Cisco Splunk Cloud Platform - 9.3.2408
- Cisco Splunk Cloud Platform - 9.2.2406
- Cisco Splunk/UniversalForwarder for Windows - 9.1
- Cisco Splunk/UniversalForwarder for Windows - 9.2
- Cisco Splunk/UniversalForwarder for Windows - 9.3
- Cisco Splunk/UniversalForwarder for Windows - 9.4
Remediation
Refer to the Cisco Splunk Security Advisory for patch, upgrade, or suggested workaround information.