CVE-2025-20371 | THREATINT

Description

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

PUBLISHED Reserved 2024-10-10 | Published 2025-10-01 | Updated 2025-10-02 | Assigner cisco

HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Product status

10.0 (custom) before 10.0.1

affected

9.4 (custom) before 9.4.4

affected

9.3 (custom) before 9.3.6

affected

9.2 (custom) before 9.2.8

affected

9.3.2411 (custom) before 9.3.2411.109

affected

9.3.2408 (custom) before 9.3.2408.119

affected

9.2.2406 (custom) before 9.2.2406.122

affected

Credits

Alex Hordijk (hordalex)

References

advisory.splunk.com/advisories/SVD-2025-1006

cve.org (CVE-2025-20371)

nvd.nist.gov (CVE-2025-20371)

Download JSON