CVE-2025-20297: Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component

4.3 CVSS

Description

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.

Classification

CVE ID: CVE-2025-20297

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem Types

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Affected Products

Vendor: Splunk

Product: Splunk Enterprise, Splunk Cloud Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.79% (scored less or equal to compared to others)

EPSS Date: 2025-06-03 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-20297
https://advisory.splunk.com/advisories/SVD-2025-0601

Timeline

2025-06-02 18:40:20 UTC
CVE

Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component