CVE-2025-20383 | THREATINT

Description

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.

PUBLISHED Reserved 2024-10-10 | Published 2025-12-03 | Updated 2025-12-03 | Assigner cisco

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Product status

10.0 (custom) before 10.0.2

affected

9.4 (custom) before 9.4.6

affected

9.3 (custom) before 9.3.8

affected

9.2 (custom) before 9.2.10

affected

10.1.2507 (custom) before 10.1.2507.6

affected

10.0.2503 (custom) before 10.0.2503.8

affected

9.3.2411 (custom) before 9.3.2411.120

affected

3.9 (custom) before 3.9.10

affected

3.8 (custom) before 3.8.58

affected

3.7 (custom) before 3.7.28

affected

Credits

Anton (therceman)

References

advisory.splunk.com/advisories/SVD-2025-1202

cve.org (CVE-2025-20383)

nvd.nist.gov (CVE-2025-20383)