CVE-2025-20388


In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high-privilege capability `change_authentication` could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment.


Published

2025-12-03T17:15:51.427

Last Modified

2025-12-05T17:11:26.647

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 2.7 (LOW)

Weaknesses
  • Type: Secondary
    CWE-918

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | splunk | splunk | < 9.2.10 | Yes |
| Application | splunk | splunk | < 9.3.8 | Yes |
| Application | splunk | splunk | < 9.4.6 | Yes |
| Application | splunk | splunk | 10.0.0 | Yes |
| Application | splunk | splunk_cloud_platform | < 9.3.2411.116 | Yes |
| Application | splunk | splunk_cloud_platform | < 10.0.2503.6 | Yes |
| Application | splunk | splunk_cloud_platform | < 10.1.2507.4 | Yes |

References