Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-20228

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.1%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-20228


Contact Us

Shodan ® - All rights reserved