CVE-2025-20366

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search jobs unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ciscoCNA
6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
splunksplunk
9.2.0 ≤
𝑥
< 9.2.8
splunksplunk
9.3.0 ≤
𝑥
< 9.3.6
splunksplunk
9.4.0 ≤
𝑥
< 9.4.4
splunksplunk_cloud_platform
9.2.2406 ≤
𝑥
< 9.2.2406.122
splunksplunk_cloud_platform
9.3.2408 ≤
𝑥
< 9.3.2408.119
splunksplunk_cloud_platform
9.3.2411 ≤
𝑥
< 9.3.2411.111
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisory.splunk.com/advisories/SVD-2025-1001