
Description

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and in Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF), potentially letting the attacker perform REST API calls on behalf of an authenticated, high-privileged user. The CVSS vector's UI:R indicates that a user's interaction is needed to trigger the forged request, and because the SSRF is blind the attacker does not directly see the response to the calls made in that user's context.

State: PUBLISHED | Reserved: 2024-10-10 | Published: 2025-10-01 | Updated: 2025-10-01 | Assigner: cisco

Metrics

HIGH: 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-918 (Server-Side Request Forgery): The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
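The record gives no detail of the affected code path, so the following is a generic, added illustration of the weakness class described above and not Splunk's code: an outbound-request destination check that allows only expected hosts and ports over HTTPS, rejects URLs carrying embedded credentials, and inspects the resolved addresses so that a name resolving to loopback or link-local space is refused and the vetted address is pinned for the actual connection. The host names, ports and DNS answers are constructed for the example.

```python
"""Added illustration of CWE-918 destination validation; not Splunk code.
Host names, ports and DNS answers below are constructed for the example."""
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: the only hosts and ports the service is expected to call.
ALLOWED_DESTINATIONS = {"api.internal.example": {443, 8089}}

# Constructed DNS answers so the example runs offline. A real resolver would use
# socket.getaddrinfo() and return every address in the answer.
FAKE_DNS = {"api.internal.example": ["10.20.30.40"]}


def fake_resolver(host):
    return FAKE_DNS.get(host, [])


def vulnerable_target(url):
    """Weak pattern: connect wherever the supplied URL says, with no checks.
    'https://api.internal.example@evil.example/' quietly becomes evil.example."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or 443


def address_is_blocked(ip_text):
    """Refuse loopback, link-local (cloud metadata endpoints), multicast,
    reserved and unspecified addresses. RFC 1918 space is deliberately not
    refused here: allowlisted internal services commonly live there, and the
    allowlist is what keeps arbitrary private hosts out."""
    ip = ipaddress.ip_address(ip_text)
    return (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified)


def validate_destination(url, resolver=fake_resolver, allowed=ALLOWED_DESTINATIONS):
    """Return (ok, detail). On success, detail is the vetted IP address the
    HTTP client must connect to, so a second lookup cannot be rebound."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port or 443
    except ValueError:
        return False, "invalid port"
    if host not in allowed or port not in allowed[host]:
        return False, "destination %s:%d is not allowlisted" % (host, port)
    addrs = resolver(host)
    if not addrs:
        return False, "name does not resolve"
    for addr in addrs:
        if address_is_blocked(addr):
            return False, "%s resolves to blocked address %s" % (host, addr)
    return True, addrs[0]


if __name__ == "__main__":
    for candidate in [
        "https://api.internal.example:8089/services/server/info",
        "http://api.internal.example:8089/services/server/info",
        "https://127.0.0.1:8089/services/auth/login",
        "https://169.254.169.254/latest/meta-data/",
        "https://api.internal.example@evil.example/",
    ]:
        print(candidate, "->", validate_destination(candidate))
```

The allowlist and the address check are separate layers on purpose: the allowlist decides which names may be contacted at all, and the resolved-address check catches the case where an allowed name is pointed at loopback or a metadata address, which the resolver parameter lets you simulate.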

Product status

Splunk Enterprise

10.0 before 10.0.1: affected
9.4 before 9.4.4: affected
9.3 before 9.3.6: affected
9.2 before 9.2.8: affected

Splunk Cloud Platform

9.3.2411 before 9.3.2411.109: affected
9.3.2408 before 9.3.2408.119: affected
9.2.2406 before 9.2.2406.122: affected
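To turn the ranges above into something an inventory can be checked against, the following added Python (not Splunk code) transcribes them and classifies a version as affected, fixed, or not listed. Versions are compared component-wise as integers, so 9.4.10 sorts after 9.4.4 rather than before it as a string would, and release lines this record does not mention come back as "not listed" rather than as safe, because the record says nothing about them. The sample inventory is constructed.

```python
"""Added example: triage Splunk versions against the affected ranges in this
record. Not Splunk code; the ranges are transcribed from Product status above."""

# (product, release line, first fixed version), transcribed from the record.
AFFECTED_RANGES = [
    ("Splunk Enterprise", "10.0", "10.0.1"),
    ("Splunk Enterprise", "9.4", "9.4.4"),
    ("Splunk Enterprise", "9.3", "9.3.6"),
    ("Splunk Enterprise", "9.2", "9.2.8"),
    ("Splunk Cloud Platform", "9.3.2411", "9.3.2411.109"),
    ("Splunk Cloud Platform", "9.3.2408", "9.3.2408.119"),
    ("Splunk Cloud Platform", "9.2.2406", "9.2.2406.122"),
]


def parse_version(text):
    """'9.3.2411.109' -> (9, 3, 2411, 109). Integer tuples compare correctly;
    as strings '9.4.10' < '9.4.4', which would misclassify patched hosts."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted numeric version: %r" % text)
    return tuple(int(p) for p in parts)


def status_for(product, version):
    """'affected', 'fixed' or 'not listed' for one product/version pair.
    'not listed' means this record says nothing about that release line;
    it is not a statement that the version is unaffected. The caller must
    pass the right product, since Enterprise and Cloud lines share prefixes."""
    v = parse_version(version)
    for prod, line, fixed in AFFECTED_RANGES:
        if prod != product:
            continue
        prefix = parse_version(line)
        if v[:len(prefix)] != prefix:
            continue
        return "affected" if v < parse_version(fixed) else "fixed"
    return "not listed"


def triage(inventory):
    """Map each (product, version) pair in an inventory to its status."""
    return [(product, version, status_for(product, version))
            for product, version in inventory]


# Constructed inventory for the example.
SAMPLE_INVENTORY = [
    ("Splunk Enterprise", "9.4.3"),
    ("Splunk Enterprise", "9.4.10"),
    ("Splunk Enterprise", "10.0.0"),
    ("Splunk Enterprise", "9.1.6"),
    ("Splunk Cloud Platform", "9.3.2411.108"),
    ("Splunk Cloud Platform", "9.3.2411.109"),
]

if __name__ == "__main__":
    for product, version, status in triage(SAMPLE_INVENTORY):
        print("%-22s %-14s %s" % (product, version, status))
```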

Credits

Alex Hordijk (hordalex)

References

https://advisory.splunk.com/advisories/SVD-2025-1006

https://www.cve.org/CVERecord?id=CVE-2025-20371

https://nvd.nist.gov/vuln/detail/CVE-2025-20371
