Denial of Service Vulnerability in Splunk Enterprise and Splunk Cloud
CVE-2025-20370

4.9MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Enterprise Cloud
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-20370?

In specific versions of Splunk Enterprise and Splunk Cloud, users with high-privilege capabilities can exploit a vulnerability by sending multiple LDAP bind requests to an internal endpoint. This action can lead to excessive CPU utilization on the server, which may cause a denial of service. To restore services, an instance restart is necessary. Users and administrators are recommended to upgrade to the latest versions to mitigate this risk. For further technical guidance, please refer to the official Splunk resources.

Affected Version(s)

Splunk Enterprise 10.0 < 10.0.1

Splunk Enterprise 9.4 < 9.4.4

Splunk Enterprise 9.3 < 9.3.6

References

https://advisory.splunk.com/advisories/SVD-2025-1005

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

STÖK / Fredrik Alexandersson

JSON