CVE-2025-20233

Summary

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk App for Lookup File Editing4.0 < 4.0.5affected

Weaknesses

  • CWE-732: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References