PT-2025-48163 · Splunk · Splunk Add-On For Palo Alto Networks

Published: 2025-11-26 · Updated: 2025-11-26 · CVE-2025-20373

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Splunk Add-on for Palo Alto Networks versions prior to 2.0.2

Description

The Splunk Add-on for Palo Alto Networks exposes client secrets in plain text within the internal index when new “Data Security Accounts” are added. Exploitation requires either local access to log files or administrative access to internal indexes, which, by default, is limited to the admin role.

Recommendations

Restrict access to the internal index to administrator-level roles. Review roles and capabilities on your instance.
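
One way to carry out the role review recommended above, as an added example that is not part of the advisory or of Splunk's own tooling: it reads an authorize.conf and lists non-admin roles that can search the internal index, directly or through inherited roles. It assumes the index is named `_internal` and that access is governed by the `srchIndexesAllowed` and `importRoles` settings; the sample configuration, its role names and the `pan_logs` index are constructed.

```python
import configparser
from fnmatch import fnmatchcase
# Constructed sample authorize.conf; roles other than admin are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_admin]
importRoles = power;user
srchIndexesAllowed = *;_*
[role_power]
importRoles = user
srchIndexesAllowed = *
[role_user]
srchIndexesAllowed = main
[role_netops]
importRoles = user
srchIndexesAllowed = pan_logs;_internal
[role_helpdesk]
importRoles = netops
"""

def _items(value):
    """Split a semicolon-delimited setting into its non-empty entries."""
    return [v.strip() for v in value.split(";") if v.strip()]

def _matches(pattern, index):
    # Assumption: a pattern reaches an underscore-prefixed (internal) index
    # only when the pattern itself starts with "_", so a bare "*" does not.
    if index.startswith("_") and not pattern.startswith("_"):
        return False
    return fnmatchcase(index, pattern)

def roles_with_index_access(conf_text, index="_internal", trusted=("admin",)):
    """Return sorted role names outside `trusted` whose own or inherited
    srchIndexesAllowed patterns cover `index`."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names case-sensitive, as written
    cp.read_string(conf_text)
    roles = {s[len("role_"):]: cp[s] for s in cp.sections() if s.startswith("role_")}
    def allowed(role, seen):
        if role in seen or role not in roles:  # guards against import cycles
            return set()
        seen.add(role)
        pats = set(_items(roles[role].get("srchIndexesAllowed", "")))
        for parent in _items(roles[role].get("importRoles", "")):
            pats |= allowed(parent, seen)
        return pats
    return sorted(r for r in roles if r not in trusted
                  and any(_matches(p, index) for p in allowed(r, set())))

if __name__ == "__main__":
    print(roles_with_index_access(SAMPLE_AUTHORIZE_CONF))
```

In the sample, `helpdesk` is flagged even though it sets no index list of its own, because it imports `netops`; inherited access is the case a manual review most easily misses.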

Fix

Insertion into Log File


Weakness Enumeration

Related Identifiers

CVE-2025-20373

Affected Products

Splunk Add-On For Palo Alto Networks