PT-2025-48960 · Splunk · Splunk Cloud Platform+1
Published
2025-12-03
·
Updated
2025-12-05
·
CVE-2025-20388
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 10.0.1, 9.4.6, 9.3.8, and 9.2.10
Splunk Cloud Platform versions prior to 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116
Description
A user with a role containing the
change authentication high privilege capability may be able to enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. This occurs in Splunk Enterprise and Splunk Cloud Platform.Recommendations
Update Splunk Enterprise to version 10.0.1 or later.
Update Splunk Enterprise to version 9.4.6 or later.
Update Splunk Enterprise to version 9.3.8 or later.
Update Splunk Enterprise to version 9.2.10 or later.
Update Splunk Cloud Platform to version 10.1.2507.4 or later.
Update Splunk Cloud Platform to version 10.0.2503.7 or later.
Update Splunk Cloud Platform to version 9.3.2411.116 or later.
Fix
LPE
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise