**Splunk Web Flaw Lets Hackers Run Rogue JavaScript Code**

Splunk Inc. has disclosed a cross-site scripting (XSS) vulnerability in its Enterprise and Cloud Platform products that could allow low-privileged users to execute unauthorized JavaScript code. Tracked as CVE-2025-20297, the flaw resides in the PDF generation feature, specifically the pdfgen/render REST endpoint within the Splunk Web interface.

The security issue carries a CVSS v3.1 score of 4.3, marking it as a medium-severity vulnerability. Attackers with authenticated but limited access can exploit the flaw remotely without user interaction. Affected Splunk Enterprise versions include all releases prior to 9.4.2, 9.3.4, and 9.2.6. The Splunk Cloud Platform is also impacted in versions below 9.3.2411.102, 9.3.2408.111, and 9.2.2406.118.

Splunk recommends upgrading to the latest patched versions. As a temporary measure, organizations can disable Splunk Web, though this may disrupt dashboard functionality. The company is automatically updating vulnerable cloud instances and urges customers to review user privileges and monitor the affected endpoint.
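To illustrate the "monitor the affected endpoint" advice, here is an added detection example (not from the article and not Splunk's own tooling): it parses access-log lines for requests to the pdfgen/render endpoint, lists which authenticated user made each request, and flags requests whose decoded query string carries HTML metacharacters. The log line shape, the position of the user field and the parameter name are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in the CVE-2025-20297 advisory.
AFFECTED_PATH = "pdfgen/render"

# Assumed log shape: combined-style access log with the authenticated
# Splunk user as the third field (as in Splunk's web_access.log).
# Adjust the pattern if your deployment logs a different layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines, not real traffic; the parameter name is assumed.
SAMPLE_LOG = """\
10.0.0.5 - alice [01/Jun/2025:10:00:01 +0000] "GET /en-US/app/search/search HTTP/1.1" 200 512
10.0.0.7 - bob [01/Jun/2025:10:00:05 +0000] "GET /en-US/splunkd/__raw/services/pdfgen/render?input-dashboard=ops HTTP/1.1" 200 2048
10.0.0.9 - carol [01/Jun/2025:10:00:09 +0000] "GET /en-US/splunkd/__raw/services/pdfgen/render?input-dashboard=%3Cb%3Etest HTTP/1.1" 200 2048
"""


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def has_markup(decoded_query):
    """True if the URL-decoded query contains characters that can open HTML or attributes."""
    return any(c in decoded_query for c in '<>"\'')


def find_pdfgen_requests(log_text):
    """Collect every request to the affected endpoint with its user and a markup flag."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["url"])
        if AFFECTED_PATH not in parts.path:
            continue
        decoded = unquote(parts.query)
        hits.append({"user": rec["user"], "ip": rec["ip"], "status": rec["status"],
                     "query": decoded, "suspicious": has_markup(decoded)})
    return hits


if __name__ == "__main__":
    for hit in find_pdfgen_requests(SAMPLE_LOG):
        print(("ALERT " if hit["suspicious"] else "info  ") + str(hit))
```

Every hit on the endpoint is worth reviewing against the user's expected privileges; the markup flag only prioritises the list and is not a complete XSS detector.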
