PT-2025-40273 · Splunk · Splunk Cloud Platform, Splunk Enterprise

Fredrik Alexandersson · Published 2025-10-01 · Updated 2025-10-01 · CVE-2025-20370

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 10.0.1
Splunk Enterprise versions 9.2.8 through 9.4.4
Splunk Cloud Platform versions prior to 9.3.2411.108
Splunk Cloud Platform versions 9.2.2406.123 through 9.3.2408.118

Description

A user with the change authentication capability can send multiple LDAP bind requests to an internal endpoint, potentially causing high server CPU usage and a denial of service (DoS) until the Splunk Enterprise instance is restarted. The issue affects Splunk Enterprise and Splunk Cloud Platform. The vulnerable endpoint is an internal LDAP bind request endpoint.

Recommendations

Update Splunk Enterprise to version 10.0.1 or later.
Update Splunk Enterprise to version 9.4.4 or later.
Update Splunk Enterprise to version 9.3.6 or later.
Update Splunk Enterprise to version 9.2.8 or later.
Update Splunk Cloud Platform to version 9.3.2411.108 or later.
Update Splunk Cloud Platform to version 9.3.2408.118 or later.
Update Splunk Cloud Platform to version 9.2.2406.123 or later.

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2025-16046
CVE-2025-20370

Affected Products

Splunk Cloud Platform
Splunk Enterprise