PT-2025-40269 · Splunk · Splunk Cloud Platform, Splunk Enterprise
Published: 2025-10-01 · Updated: 2025-10-08 · CVE-2025-20366
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 9.4.4
Splunk Enterprise versions prior to 9.3.6
Splunk Enterprise versions prior to 9.2.8
Splunk Cloud Platform versions prior to 9.3.2411.111
Splunk Cloud Platform versions prior to 9.3.2408.119
Splunk Cloud Platform versions prior to 9.2.2406.122
Description
A user with limited privileges, lacking administrative or power roles, may be able to access sensitive search results. This occurs if Splunk Enterprise or Splunk Cloud Platform runs an administrative search job in the background and the low-privileged user correctly guesses the search job’s unique Search ID (SID). Successful guessing of the SID allows retrieval of the job’s results, potentially exposing sensitive information.
Recommendations
Update Splunk Enterprise to version 9.4.4 or later.
Update Splunk Enterprise to version 9.3.6 or later.
Update Splunk Enterprise to version 9.2.8 or later.
Update Splunk Cloud Platform to version 9.3.2411.111 or later.
Update Splunk Cloud Platform to version 9.3.2408.119 or later.
Update Splunk Cloud Platform to version 9.2.2406.122 or later.
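The following added example (not part of the original advisory and not Splunk code) triages an inventory of deployments against the fixed releases listed above. It assumes each fixed release applies only to its own release branch, as the per-branch recommendations imply; the product keys, function names and sample inventory are hypothetical.

```python
"""Triage Splunk versions against the fixed releases listed for CVE-2025-20366."""

# Fixed releases exactly as listed on this page, keyed by release branch.
# Assumption: each fix applies to its own branch only (Enterprise: major.minor,
# Cloud Platform: major.minor.train), as the per-branch recommendations imply.
FIXED = {
    "enterprise": {(9, 4): (9, 4, 4), (9, 3): (9, 3, 6), (9, 2): (9, 2, 8)},
    "cloud": {
        (9, 3, 2411): (9, 3, 2411, 111),
        (9, 3, 2408): (9, 3, 2408, 119),
        (9, 2, 2406): (9, 2, 2406, 122),
    },
}
BRANCH_LEN = {"enterprise": 2, "cloud": 3}


def parse_version(text):
    """Turn '9.3.2408.118' into (9, 3, 2408, 118); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(product, version):
    """Return 'affected', 'fixed' or 'branch-not-listed' for one deployment."""
    n = BRANCH_LEN[product]
    v = parse_version(version)
    if len(v) != n + 1:
        raise ValueError(f"unexpected version shape for {product}: {version!r}")
    fixed = FIXED[product].get(v[:n])
    if fixed is None:
        return "branch-not-listed"  # the page gives no fixed release for this branch
    return "affected" if v < fixed else "fixed"


def triage_inventory(inventory):
    """Map (host, product, version) rows to (host, status) pairs."""
    return [(host, triage(product, version)) for host, product, version in inventory]


if __name__ == "__main__":
    # Constructed inventory; host names are placeholders.
    sample = [
        ("sh-01.example", "enterprise", "9.4.3"),
        ("sh-02.example", "enterprise", "9.3.7"),
        ("idx-01.example", "enterprise", "9.1.10"),
        ("stack-a.example", "cloud", "9.3.2408.118"),
    ]
    for host, status in triage_inventory(sample):
        print(f"{host}: {status}")
```

Deployments reported as `branch-not-listed` need a manual check against the vendor advisory, since this page does not name a fixed release for them.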
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise