CVE-2025-20366: Improper Access Control in Cloud Platform

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.0% (top 87.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 1

Description

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low-privileged user guesses the search job's unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search resu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | splunk/splunk_enterprise | 10.0 | 10.0.0 | +3
CVEListV5 | splunk/splunk_cloud_platform | 9.3.2411 | 9.3.2411.111 | +2
NVD | splunk/splunk_cloud_platform | 9.2.2406 | 9.2.2406.122 | +2
NVD | splunk/splunk | 9.2.0 | 9.2.8 | +2

Vulnerability Details (2)

GHSA: GHSA-rp2x-mr47-fvmf: In Splunk Enterprise versions below 9 (2025-10-01)
CVEList: Improper Access Control in Background Job Submission in Splunk Enterprise (2025-10-01)
CVE-2025-20366 — Improper Access Control in Splunk | cvebase