Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

Basic Information

ID CVE-2025-20371

Source cisco

Published Oct 1, 2025 at 16:08

Affected Product

Vendor Splunk

Product Splunk Enterprise

Version 10.0

Affected Versions Splunk Splunk Enterprise 10.0
Splunk Splunk Enterprise 9.4
Splunk Splunk Enterprise 9.3
Splunk Splunk Enterprise 9.2
Splunk Splunk Cloud Platform 9.3.2411
Splunk Splunk Cloud Platform 9.3.2408
Splunk Splunk Cloud Platform 9.2.2406

References

advisory.splunk.com /advisories/SVD-2025-1006

{
    "lastseen": "",
    "description": "In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.",
    "published": "2025-10-01T16:08:02.891Z",
    "modified": "2025-10-01T16:08:02.891Z",
    "type": "cve",
    "title": "Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise",
    "source": "cisco",
    "references": "https://advisory.splunk.com/advisories/SVD-2025-1006",
    "id": "CVE-2025-20371",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Splunk Splunk Enterprise 10.0\nSplunk Splunk Enterprise 9.4\nSplunk Splunk Enterprise 9.3\nSplunk Splunk Enterprise 9.2\nSplunk Splunk Cloud Platform 9.3.2411\nSplunk Splunk Cloud Platform 9.3.2408\nSplunk Splunk Cloud Platform 9.2.2406",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Splunk Enterprise",
    "version": "10.0",
    "vendor": "Splunk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise_CVE-2025-20371

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply