CVE-2025-20379Sensitive Information Exposure in Cloud Platform

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.0%
top 93.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Cloud PlatformSplunk EnterpriseSplunk
Timeline
PublishedNov 12

Description

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands. They could bypass these safeguards on the “/services/streams/search“ endpoint through its “q“ parameter by circu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages4 packages

CVEListV5splunk/splunk_cloud_platform9.3.24119.3.2411.116+3
NVDsplunk/splunk_cloud_platform9.3.24089.3.2408.124+3
CVEListV5splunk/splunk_enterprise10.010.0.1+3
NVDsplunk/splunk9.2.09.2.9+3

🔴Vulnerability Details

2
CVEList
Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise2025-11-12
GHSA
GHSA-3p87-8mrf-82ww: In Splunk Enterprise versions below 102025-11-12
CVE-2025-20379 — Sensitive Information Exposure | cvebase