CVE-2025-20389

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2 Splunk Enterprise versions 9.2.10 through 9.4.6 Splunk Enterprise versions 9.3.8 Splunk Secure Gateway app versions below 3.7.28 Splunk Secure Gateway app versions 3.8.58 and below Splunk Secure Gateway app versions 3.9.10 and below

Description A user with limited privileges, lacking 'admin' or 'power' roles within Splunk, can create a malicious payload by manipulating the label column field when adding a new device through the Splunk Secure Gateway app. This manipulation could result in a client-side denial of service (DoS).

Recommendations Update Splunk Enterprise to version 10.0.2 or later. Update Splunk Enterprise to version 9.4.6 or later. Update Splunk Enterprise to version 9.3.8 or later. Update Splunk Enterprise to version 9.2.10 or later. Update the Splunk Secure Gateway app to version 3.7.28 or later. Update the Splunk Secure Gateway app to version 3.8.58 or later. Update the Splunk Secure Gateway app to version 3.9.10 or later.