cvelistv5 - cve-2025-20370

CVE-2025-20370 (GCVE-0-2025-20370)

Vulnerability from cvelistv5 – Published: 2025-10-01 16:07 – Updated: 2025-10-01 17:36

Summary

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Assigner

cisco

References

URL

Tags

https://advisory.splunk.com/advisories/SVD-2025-1005

Impacted products

Vendor

Product

Version

Splunk

Splunk Enterprise

Affected: 10.0 , < 10.0.1 (custom)
Affected: 9.4 , < 9.4.4 (custom)
Affected: 9.3 , < 9.3.6 (custom)
Affected: 9.2 , < 9.2.8 (custom)

Splunk

Splunk Enterprise Cloud

Affected: 9.3.2411 , < 9.3.2411.108 (custom)
Affected: 9.3.2408 , < 9.3.2408.118 (custom)
Affected: 9.2.2406 , < 9.2.2406.123 (custom)

Credits

STÖK / Fredrik Alexandersson

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20370",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T17:22:44.584017Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T17:36:09.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.0.1",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.4",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.6",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2.8",
              "status": "affected",
              "version": "9.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Enterprise Cloud",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.3.2411.108",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2408.118",
              "status": "affected",
              "version": "9.3.2408",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2.2406.123",
              "status": "affected",
              "version": "9.2.2406",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ST\u00d6K / Fredrik Alexandersson"
        }
      ],
      "datePublic": "2025-10-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T16:07:57.541Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2025-1005"
        }
      ],
      "source": {
        "advisory": "SVD-2025-1005"
      },
      "title": "Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20370",
    "datePublished": "2025-10-01T16:07:57.541Z",
    "dateReserved": "2024-10-10T19:15:13.262Z",
    "dateUpdated": "2025-10-01T17:36:09.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-20370\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2025-10-01T17:15:40.273\",\"lastModified\":\"2025-10-08T20:24:31.843\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.2.0\",\"versionEndExcluding\":\"9.2.8\",\"matchCriteriaId\":\"724443E6-2DC9-4AB3-8E8F-D9BFBCC162E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.3.0\",\"versionEndExcluding\":\"9.3.6\",\"matchCriteriaId\":\"046659D8-1F48-4229-AC57-2A3B77D44442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.4\",\"matchCriteriaId\":\"88D2F283-10F9-4204-876A-9BEE75130E2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:10.0.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"259A3F4B-E4D2-48BC-9AE9-C37DE94987D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.2406\",\"versionEndExcluding\":\"9.2.2406.123\",\"matchCriteriaId\":\"4F61F654-CFCC-4E48-A860-7AFCBBE69297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.2408\",\"versionEndExcluding\":\"9.3.2408.118\",\"matchCriteriaId\":\"D49A3BA2-2260-4294-964A-8E8A3729CEB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.2411\",\"versionEndExcluding\":\"9.3.2411.108\",\"matchCriteriaId\":\"D7F27B31-B360-4AC9-BBBC-0A0F720C0B59\"}]}]}],\"references\":[{\"url\":\"https://advisory.splunk.com/advisories/SVD-2025-1005\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20370\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T17:22:44.584017Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T17:22:46.500Z\"}}], \"cna\": {\"title\": \"Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise\", \"source\": {\"advisory\": \"SVD-2025-1005\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"ST\\u00d6K / Fredrik Alexandersson\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Splunk\", \"product\": \"Splunk Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.0.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.4\", \"lessThan\": \"9.4.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.3\", \"lessThan\": \"9.3.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.2\", \"lessThan\": \"9.2.8\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Splunk\", \"product\": \"Splunk Enterprise Cloud\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.3.2411\", \"lessThan\": \"9.3.2411.108\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.3.2408\", \"lessThan\": \"9.3.2408.118\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.2.2406\", \"lessThan\": \"9.2.2406.123\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2025-10-01T00:00:00.000Z\", \"references\": [{\"url\": \"https://advisory.splunk.com/advisories/SVD-2025-1005\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-400\", \"description\": \"The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-10-01T16:07:57.541Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-20370\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-01T17:36:09.560Z\", \"dateReserved\": \"2024-10-10T19:15:13.262Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-10-01T16:07:57.541Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0838

Vulnerability from certfr_avis - Published: 2025-10-02 - Updated: 2025-10-02

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.109
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.2.2406 antérieures à 9.2.2406.123
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2408 antérieures à 9.3.2408.119
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.0.x antérieures à 10.0.1
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.2.2406 antérieures à 9.2.2406.123
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.0.x antérieures à 10.0.0
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.2.x antérieures à 9.2.8
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.4.x antérieures à 9.4.4
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.3.x antérieures à 9.3.6
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.3.2411 antérieures à 9.3.2411.108
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.3.2408 antérieures à 9.3.2408.118
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.111

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2025-1006	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1005	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1002	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1004	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1007	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1003	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1001	2025-10-01	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.109",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.2.2406 ant\u00e9rieures \u00e0 9.2.2406.123",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.3.2408 ant\u00e9rieures \u00e0 9.3.2408.119",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Cloud versions 9.2.2406 ant\u00e9rieures \u00e0 9.2.2406.123",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.0",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.6",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Cloud versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.108",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Cloud versions 9.3.2408 ant\u00e9rieures \u00e0 9.3.2408.118",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.111",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2025-20367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20367"
    },
    {
      "name": "CVE-2024-7553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
    },
    {
      "name": "CVE-2025-20366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20366"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2025-20370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20370"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-20369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20369"
    },
    {
      "name": "CVE-2025-5025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
    },
    {
      "name": "CVE-2024-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1351"
    },
    {
      "name": "CVE-2025-20371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20371"
    },
    {
      "name": "CVE-2025-20368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20368"
    },
    {
      "name": "CVE-2025-32415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
    },
    {
      "name": "CVE-2025-4947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    }
  ],
  "initial_release_date": "2025-10-02T00:00:00",
  "last_revision_date": "2025-10-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0838",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1006",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1006"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1005",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1005"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1002",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1002"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1004",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1004"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1007",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1007"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1003",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1003"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1001",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1001"
    }
  ]
}

CERTFR-2025-AVI-0838

Vulnerability from certfr_avis - Published: 2025-10-02 - Updated: 2025-10-02

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.109
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.2.2406 antérieures à 9.2.2406.123
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2408 antérieures à 9.3.2408.119
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.0.x antérieures à 10.0.1
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.2.2406 antérieures à 9.2.2406.123
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.0.x antérieures à 10.0.0
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.2.x antérieures à 9.2.8
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.4.x antérieures à 9.4.4
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.3.x antérieures à 9.3.6
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.3.2411 antérieures à 9.3.2411.108
Splunk	Splunk Enterprise	Splunk Enterprise Cloud versions 9.3.2408 antérieures à 9.3.2408.118
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.111

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2025-1006	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1005	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1002	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1004	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1007	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1003	2025-10-01	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1001	2025-10-01	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.109",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.2.2406 ant\u00e9rieures \u00e0 9.2.2406.123",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.3.2408 ant\u00e9rieures \u00e0 9.3.2408.119",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Cloud versions 9.2.2406 ant\u00e9rieures \u00e0 9.2.2406.123",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.0",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.6",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Cloud versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.108",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise Cloud versions 9.3.2408 ant\u00e9rieures \u00e0 9.3.2408.118",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.111",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2025-20367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20367"
    },
    {
      "name": "CVE-2024-7553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
    },
    {
      "name": "CVE-2025-20366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20366"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2025-20370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20370"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-20369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20369"
    },
    {
      "name": "CVE-2025-5025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
    },
    {
      "name": "CVE-2024-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1351"
    },
    {
      "name": "CVE-2025-20371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20371"
    },
    {
      "name": "CVE-2025-20368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20368"
    },
    {
      "name": "CVE-2025-32415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
    },
    {
      "name": "CVE-2025-4947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    }
  ],
  "initial_release_date": "2025-10-02T00:00:00",
  "last_revision_date": "2025-10-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0838",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1006",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1006"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1005",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1005"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1002",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1002"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1004",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1004"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1007",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1007"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1003",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1003"
    },
    {
      "published_at": "2025-10-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1001",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1001"
    }
  ]
}

GHSA-JF74-VFWJ-V8H7

Vulnerability from github – Published: 2025-10-01 18:30 – Updated: 2025-10-01 18:30

Details

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability change_authentication, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.

Severity ?

4.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-20370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T17:15:40Z",
    "severity": "MODERATE"
  },
  "details": "In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.",
  "id": "GHSA-jf74-vfwj-v8h7",
  "modified": "2025-10-01T18:30:39Z",
  "published": "2025-10-01T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20370"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-20370

Vulnerability from fkie_nvd - Published: 2025-10-01 17:15 - Updated: 2025-10-08 20:24

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://advisory.splunk.com/advisories/SVD-2025-1005	Vendor Advisory

Impacted products

Vendor	Product	Version
splunk	splunk	*
splunk	splunk	*
splunk	splunk	*
splunk	splunk	10.0.0
splunk	splunk_cloud_platform	*
splunk	splunk_cloud_platform	*
splunk	splunk_cloud_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "724443E6-2DC9-4AB3-8E8F-D9BFBCC162E6",
              "versionEndExcluding": "9.2.8",
              "versionStartIncluding": "9.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "046659D8-1F48-4229-AC57-2A3B77D44442",
              "versionEndExcluding": "9.3.6",
              "versionStartIncluding": "9.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "88D2F283-10F9-4204-876A-9BEE75130E2C",
              "versionEndExcluding": "9.4.4",
              "versionStartIncluding": "9.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk:10.0.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "259A3F4B-E4D2-48BC-9AE9-C37DE94987D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F61F654-CFCC-4E48-A860-7AFCBBE69297",
              "versionEndExcluding": "9.2.2406.123",
              "versionStartIncluding": "9.2.2406",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49A3BA2-2260-4294-964A-8E8A3729CEB4",
              "versionEndExcluding": "9.3.2408.118",
              "versionStartIncluding": "9.3.2408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F27B31-B360-4AC9-BBBC-0A0F720C0B59",
              "versionEndExcluding": "9.3.2411.108",
              "versionStartIncluding": "9.3.2411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information."
    }
  ],
  "id": "CVE-2025-20370",
  "lastModified": "2025-10-08T20:24:31.843",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-10-01T17:15:40.273",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1005"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-20370 (GCVE-0-2025-20370)

CERTFR-2025-AVI-0838

Solutions

CERTFR-2025-AVI-0838

Solutions

GHSA-JF74-VFWJ-V8H7

FKIE_CVE-2025-20370

Tags

Sightings

Nomenclature