Home

Description

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search job’s unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs.

PUBLISHED Reserved 2024-10-10 | Published 2025-10-01 | Updated 2025-10-01 | Assigner cisco




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Product status

10.0 before 10.0.0
affected

9.4 before 9.4.4
affected

9.3 before 9.3.6
affected

9.2 before 9.2.8
affected

9.3.2411 before 9.3.2411.111
affected

9.3.2408 before 9.3.2408.119
affected

9.2.2406 before 9.2.2406.122
affected

References

advisory.splunk.com/advisories/SVD-2025-1001

cve.org (CVE-2025-20366)

nvd.nist.gov (CVE-2025-20366)

Download JSON