Sensitive Data Exposure in Splunk Enterprise and Cloud Platform
CVE-2025-20366

6.5MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-20366?

A vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users to access sensitive search results if an administrative search job is processed in the background. By guessing the unique Search ID (SID) of the job, unauthorized users may retrieve confidential information, compromising the integrity and confidentiality of sensitive data. This issue affects specific versions of the products, highlighting the importance of updating to the latest versions to safeguard against potential data leaks.

Affected Version(s)

Splunk Cloud Platform 9.3.2411 < 9.3.2411.111

Splunk Cloud Platform 9.3.2408 < 9.3.2408.119

Splunk Cloud Platform 9.2.2406 < 9.2.2406.122

References

https://advisory.splunk.com/advisories/SVD-2025-1001

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Oct 10, 2024

JSON