Sensitive Data Exposure in Splunk Enterprise and Cloud Platform
CVE-2025-20325

3.1 LOW

Key Information:

Vendor: Splunk
CVE Published: 7 July 2025

What is CVE-2025-20325?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, the search head cluster key can potentially be exposed. The exposure arises from running the SHCConfig log channel at the DEBUG logging level in a clustered deployment. If this logging level is configured, the sensitive information may be accessible to an attacker who has local access to log files or administrative rights to internal indexes, access that is typically restricted to admin roles. Users should review their instance's roles and capabilities and ensure that access to internal indexes is limited to user roles with the necessary permissions.
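A configuration check for the condition described above, added here as an example and not taken from Splunk or the advisory. It assumes the `category.<Channel>=<LEVEL>` line format under the `[splunkd]` stanza of `log.cfg` and `log-local.cfg`, with `log-local.cfg` taking precedence; the function names and sample contents are constructed.

```python
import re
import sys

# Assumed format inside the [splunkd] stanza: category.<Channel>=<LEVEL>
CATEGORY_RE = re.compile(r"^category\.(?P<name>[^=\s]+)\s*=\s*(?P<level>[A-Za-z]+)$")
STANZA_RE = re.compile(r"^\[(?P<stanza>[^\]]+)\]$")


def channel_level(cfg_text, channel="SHCConfig", stanza="splunkd"):
    """Return the level one config text sets for `channel`, or None if unset."""
    current, level = None, None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA_RE.match(line)
        if m:
            current = m.group("stanza")
            continue
        m = CATEGORY_RE.match(line)
        if m and current == stanza and m.group("name") == channel:
            level = m.group("level").upper()  # last assignment in a file wins
    return level


def effective_level(cfg_texts, channel="SHCConfig"):
    """cfg_texts is ordered lowest precedence first: log.cfg, then log-local.cfg."""
    level = None
    for text in cfg_texts:
        level = channel_level(text, channel) or level
    return level


def is_exposed(cfg_texts):
    """True when the SHCConfig channel resolves to DEBUG."""
    return effective_level(cfg_texts) == "DEBUG"


# Constructed samples, not taken from a real deployment.
SAMPLE_DEFAULT = "[splunkd]\ncategory.SHCConfig=INFO\n"
SAMPLE_LOCAL = "# troubleshooting override left in place\n[splunkd]\ncategory.SHCConfig = debug\n"

if __name__ == "__main__":
    # Pass file paths in precedence order; without arguments the samples are used.
    texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:]]
    texts = texts or [SAMPLE_DEFAULT, SAMPLE_LOCAL]
    print("SHCConfig effective level:", effective_level(texts))
    sys.exit(1 if is_exposed(texts) else 0)
```

The check reads configuration files only, so a level changed on the running instance without editing these files will not show up in its result.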

Affected Version(s)

Splunk Cloud Platform 9.3.2411 < 9.3.2411.103

Splunk Cloud Platform 9.3.2408 < 9.3.2408.113

Splunk Cloud Platform 9.2.2406 < 9.2.2406.119

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
