CVE-2025-20325

CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 81.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Splunk Cloud Platform Splunk Splunk Enterprise Splunk Splunk

Timeline

PublishedJul 7

Description

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterp…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5splunk/splunk_enterprise9.4 — 9.4.3+3

▶CVEListV5splunk/splunk_cloud_platform9.3.2411 — 9.3.2411.103+2

▶NVDsplunk/splunk_cloud_platform9.2.2406 — 9.2.2406.119+2

▶NVDsplunk/splunk9.1.0 — 9.1.10+3

🔴Vulnerability Details

GHSA

GHSA-58ph-89f9-hmcp: In Splunk Enterprise versions below 9↗2025-07-07

▶

CVEList

Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise↗2025-07-07

▶