CVE-2025-20383

Summary

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise10.0 < 10.0.2affected
SplunkSplunk Enterprise9.4 < 9.4.6affected
SplunkSplunk Enterprise9.3 < 9.3.8affected
SplunkSplunk Enterprise9.2 < 9.2.10affected
SplunkSplunk Cloud Platform10.1.2507 < 10.1.2507.6affected
SplunkSplunk Cloud Platform10.0.2503 < 10.0.2503.8affected
SplunkSplunk Cloud Platform9.3.2411 < 9.3.2411.120affected
SplunkSplunk Secure Gateway3.9 < 3.9.10affected
SplunkSplunk Secure Gateway3.8 < 3.8.58affected
SplunkSplunk Secure Gateway3.7 < 3.7.28affected

Weaknesses

  • CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References