CVE-2025-20366

Published: Oct 1, 2025Modified: Oct 8, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: psirt@cisco.com (Secondary)

Description

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search job’s unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs.

Affected (6)

Products: Splunk: Splunk, Splunk Cloud Platform

Splunk

2 products

Splunk

Splunk Cloud Platform

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk	From 9.2.0 to 9.2.8
Splunk Splunk	From 9.3.0 to 9.3.6
Splunk Splunk	From 9.4.0 to 9.4.4
Splunk Splunk Cloud Platform	From 9.2.2406 to 9.2.2406.122
Splunk Splunk Cloud Platform	From 9.3.2408 to 9.3.2408.119
Splunk Splunk Cloud Platform	From 9.3.2411 to 9.3.2411.111

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://advisory.splunk.com/advisories/SVD-2025-1001

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.