CVE-2025-20371

Published: Oct 1, 2025Modified: Oct 8, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

Affected (7)

Products: Splunk: Splunk, Splunk Cloud Platform

Splunk

2 products

Splunk

Splunk Cloud Platform

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk	From 9.2.0 to 9.2.8
Splunk Splunk	From 9.3.0 to 9.3.6
Splunk Splunk	From 9.4.0 to 9.4.4
Splunk Splunk	Version 10.0.0
Splunk Splunk Cloud Platform	From 9.2.2406 to 9.2.2406.122
Splunk Splunk Cloud Platform	From 9.3.2408 to 9.3.2408.119
Splunk Splunk Cloud Platform	From 9.3.2411 to 9.3.2411.109

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

https://advisory.splunk.com/advisories/SVD-2025-1006

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.