Authentication Privilege Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2025-20388

2.7LOW

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 3 December 2025

What is CVE-2025-20388?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, a user with high-level privileges designated by the change_authentication capability can exploit the system to enumerate sensitive internal IP addresses and network ports. This vulnerability can occur when adding new search peers to a Splunk search head within a distributed setup, potentially exposing the network configuration to unauthorized access.

Affected Version(s)

Splunk Cloud Platform 10.1.2507 < 10.1.2507.4

Splunk Cloud Platform 10.0.2503 < 10.0.2503.6

Splunk Cloud Platform 9.3.2411 < 9.3.2411.116

References

https://advisory.splunk.com/advisories/SVD-2025-1207

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Mr Hack (try_to_hack) Santiago Lopez

JSON