CVE-2025-20371

Summary

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise10.0 < 10.0.1affected
SplunkSplunk Enterprise9.4 < 9.4.4affected
SplunkSplunk Enterprise9.3 < 9.3.6affected
SplunkSplunk Enterprise9.2 < 9.2.8affected
SplunkSplunk Cloud Platform9.3.2411 < 9.3.2411.109affected
SplunkSplunk Cloud Platform9.3.2408 < 9.3.2408.119affected
SplunkSplunk Cloud Platform9.2.2406 < 9.2.2406.122affected

Weaknesses

  • CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References