CVE-2025-20370Uncontrolled Resource Consumption in Enterprise

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 69.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Splunk EnterpriseSplunk Enterprise CloudSplunk+1 more
Timeline
PublishedOct 1

Description

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

CVEListV5splunk/splunk_enterprise_cloud9.3.24119.3.2411.108+2
CVEListV5splunk/splunk_enterprise10.010.0.1+3
NVDsplunk/splunk_cloud_platform9.2.24069.2.2406.123+2
NVDsplunk/splunk9.2.09.2.8+3

🔴Vulnerability Details

2
GHSA
GHSA-jf74-vfwj-v8h7: In Splunk Enterprise versions below 102025-10-01
CVEList
Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise2025-10-01
CVE-2025-20370 — Uncontrolled Resource Consumption | cvebase