CVE-2025-20233: Incorrect permissions set by the `chmod` and `makedirs` Python functions in Splunk App for Lookup File Editing

2.5 CVSS

Description

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user.
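The following added example illustrates this class of problem and a way to audit for it; it is not the app's script, which this page does not show. The directory and file names, the modes chosen for the "loose" case, and all function names are constructed for illustration.

```python
import os
import stat
import tempfile

BROAD = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit

def create_loose(root):
    """Constructed 'before' pattern: broad read/execute modes via makedirs and chmod."""
    d = os.path.join(root, "loose", "backups")
    os.makedirs(d, mode=0o755)            # group/other can list and traverse
    f = os.path.join(d, "lookup.csv")
    with open(f, "w") as fh:
        fh.write("user,role\n")           # constructed sample content
    os.chmod(f, 0o755)                    # chmod ignores umask: r-x for everyone
    return f

def create_private(root):
    """Hardened form: owner-only directories and file."""
    d = os.path.join(root, "private", "backups")
    # Since Python 3.7, makedirs applies mode= only to the leaf directory;
    # intermediate directories follow the umask, so tighten it while creating.
    old = os.umask(0o077)
    try:
        os.makedirs(d, mode=0o700, exist_ok=True)
        f = os.path.join(d, "lookup.csv")
        fd = os.open(f, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write("user,role\n")
    finally:
        os.umask(old)
    return f

def audit(root):
    """Return {relative path: octal mode} for entries with any group/other bit set."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(p).st_mode)
            if mode & BROAD:
                findings[os.path.relpath(p, root)] = oct(mode)
    return findings

def demo():
    old = os.umask(0o022)                 # common default, fixed for repeatability
    try:
        with tempfile.TemporaryDirectory() as root:
            create_loose(root)
            create_private(root)
            return audit(root)
    finally:
        os.umask(old)
```

Running `audit()` over an app's data directory after an upgrade gives a quick check that no group- or world-accessible entries remain.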

Classification

CVE ID: CVE-2025-20233

CVSS Base Severity: LOW

CVSS Base Score: 2.5

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Affected Products

Vendor: Splunk

Product: Splunk App for Lookup File Editing

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.5% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-20233
https://advisory.splunk.com/advisories/SVD-2025-0310

Timeline