
Description

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8 and 9.2.10, and in versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user who holds neither the "admin" nor the "power" Splunk role can place a malicious payload in the `label` field when adding a new device in the Splunk Secure Gateway app. Because that field is not properly validated, the payload could lead to a client-side denial of service (DoS). The record names no confidentiality or integrity impact, only availability.

State: PUBLISHED | Reserved: 2024-10-10 | Published: 2025-12-03 | Updated: 2025-12-03 | Assigner (CNA): cisco

Severity: MEDIUM, base score 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Reading the vector: reachable over the network with low attack complexity, requires a low-privileged account (any authenticated user without "admin" or "power"), needs no interaction from a victim, stays within the vulnerable component's scope, and has a low availability impact with no confidentiality or integrity impact.

Problem types

CWE-20 Improper Input Validation: the product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. Here the unvalidated input is the device `label` value accepted from a low-privileged user.

Product status

Each row is a "branch before fixed version" range; a build in the listed branch with a version strictly lower than the fixed version is affected. Products are taken from the Description; the third group uses Splunk Cloud Platform's year.month build numbering.

Splunk Enterprise
  Version branch   Affected before   Status
  10.0             10.0.2            affected
  9.4              9.4.6             affected
  9.3              9.3.8             affected
  9.2              9.2.10            affected

Splunk Cloud Platform
  Version branch   Affected before   Status
  10.1.2507        10.1.2507.6       affected
  10.0.2503        10.0.2503.8       affected
  9.3.2411         9.3.2411.120      affected

Splunk Secure Gateway app
  Version branch   Affected before   Status
  3.9              3.9.10            affected
  3.8              3.8.58            affected
  3.7              3.7.28            affected

Branches not listed above (for example Splunk Enterprise 9.1 and earlier) are not covered by this record; the record does not state whether they are affected.
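The affected ranges above are the part of this record a defender actually has to act on, and the Splunk Cloud Platform builds (9.3.2411.120 and similar) are the usual place where version triage goes wrong, because a string comparison puts ".120" before ".98". The following script is an added example for this page, not code from the CVE record or from Splunk; the ranges are transcribed from the Product status section, the product grouping of the four-component versions as Splunk Cloud Platform is this example's reading of the record, and the function names and sample inventory are this example's own constructed assumptions.

```python
"""Affected-version triage for CVE-2025-20389 (added example, not part of the CVE record).

AFFECTED_RANGES is transcribed from the record's Product status section as
(branch, first fixed version) pairs: a build is affected when it is in the
branch and strictly lower than the fixed version. The product keys, helper
names and SAMPLE_INVENTORY are this example's own assumptions.
"""
from dataclasses import dataclass

AFFECTED_RANGES = {
    "Splunk Enterprise": [
        ("10.0", "10.0.2"),
        ("9.4", "9.4.6"),
        ("9.3", "9.3.8"),
        ("9.2", "9.2.10"),
    ],
    # Four-component builds grouped here on the assumption that they are
    # Splunk Cloud Platform versions (year.month build numbering).
    "Splunk Cloud Platform": [
        ("10.1.2507", "10.1.2507.6"),
        ("10.0.2503", "10.0.2503.8"),
        ("9.3.2411", "9.3.2411.120"),
    ],
    "Splunk Secure Gateway": [
        ("3.9", "3.9.10"),
        ("3.8", "3.8.58"),
        ("3.7", "3.7.28"),
    ],
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '9.3.2411.120' into (9, 3, 2411, 120) so comparison is numeric.

    A lexical comparison would rank '9.3.2411.120' below '9.3.2411.98' and
    mark a fixed build as vulnerable (or, worse, a vulnerable one as fixed).
    """
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(product: str, version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one installed version.

    'not listed' means the record gives no range for that product/branch; it
    is deliberately not reported as safe, because the record does not say so.
    The caller must pass the correct product: an Enterprise version checked
    against the Cloud Platform ranges (or vice versa) gives meaningless output.
    """
    installed = parse_version(version)
    for branch, fixed in AFFECTED_RANGES.get(product, []):
        prefix = parse_version(branch)
        if installed[: len(prefix)] != prefix:
            continue  # different branch, try the next range
        return "affected" if installed < parse_version(fixed) else "fixed"
    return "not listed"


@dataclass(frozen=True)
class Host:
    name: str
    product: str
    version: str


# Constructed sample inventory for the demonstration; not real hosts.
SAMPLE_INVENTORY = [
    Host("sh-01", "Splunk Enterprise", "9.4.5"),
    Host("sh-02", "Splunk Enterprise", "9.4.6"),
    Host("idx-01", "Splunk Enterprise", "9.1.5"),
    Host("cloud-stack", "Splunk Cloud Platform", "9.3.2411.98"),
    Host("sh-01/ssg", "Splunk Secure Gateway", "3.8.57"),
]


def triage(inventory: list[Host]) -> dict[str, str]:
    """Map every host name to its status against this record."""
    return {h.name: is_affected(h.product, h.version) for h in inventory}


def affected_hosts(inventory: list[Host]) -> list[str]:
    """Sorted names of hosts that need the fixed build (or a vendor mitigation)."""
    return sorted(name for name, status in triage(inventory).items() if status == "affected")


if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:12} {status}")
```

Feed `triage` your real inventory (for example the output of a REST call to each search head's `/services/server/info` and the installed app list) and treat "not listed" as a prompt to check the vendor advisory rather than as a clean result.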

References

Splunk security advisory SVD-2025-1208: https://advisory.splunk.com/advisories/SVD-2025-1208

CVE record: https://www.cve.org/CVERecord?id=CVE-2025-20389

NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-20389