CVE-2025-20323

Medium CVSS 4.3

Overview

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.

CWE: CWE-284 Published: 2025-07-07T18:15:26.470

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.3 (MEDIUM)
Detected tags: misconfiguration (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags