PT-2025-40274 · Splunk · Splunk Cloud Platform, Splunk Enterprise
Alex Hordijk · Published 2025-10-01 · Updated 2025-10-06
CVE-2025-20371
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 10.0.1
Splunk Enterprise versions 9.2.8 through 9.4.4
Splunk Cloud Platform versions prior to 9.3.2411.109
Splunk Cloud Platform versions 9.2.2406.122 through 9.3.2408.119
Description
An unauthenticated attacker could trigger a blind server-side request forgery (SSRF), that is, one where the attacker does not see the response to the forged request. This could allow the attacker to perform REST API calls on behalf of an authenticated, high-privileged user. SSRF is a web security vulnerability in which the attacker induces the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
Recommendations
Update Splunk Enterprise to version 10.0.1 or later.
Update Splunk Enterprise on the 9.x line to a version after 9.4.4.
Update Splunk Cloud Platform to version 9.3.2411.109 or later.
Update Splunk Cloud Platform on the 9.3 line to a version after 9.3.2408.119, and on the 9.2 line to a version after 9.2.2406.122.
Tags: Fix, DoS, SSRF
Affected Products
Splunk Cloud Platform
Splunk Enterprise