CVE-2025-20389
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-05
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| splunk | splunk | From 9.2.0 (inc) to 9.2.10 (exc) |
| splunk | splunk | From 9.3.0 (inc) to 9.3.8 (exc) |
| splunk | splunk | From 9.4.0 (inc) to 9.4.6 (exc) |
| splunk | splunk | From 10.0.0 (inc) to 10.0.2 (exc) |
| splunk | splunk_cloud_platform | From 9.3.2411 (inc) to 9.3.2411.120 (exc) |
| splunk | splunk_cloud_platform | From 10.0.2503 (inc) to 10.0.2503.8 (exc) |
| splunk | splunk_cloud_platform | From 10.1.2507 (inc) to 10.1.2507.6 (exc) |
| splunk | splunk_secure_gateway | From 3.7.0 (inc) to 3.7.28 (exc) |
| splunk | splunk_secure_gateway | From 3.8.0 (inc) to 3.8.58 (exc) |
| splunk | splunk_secure_gateway | From 3.9.0 (inc) to 3.9.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain versions of Splunk Enterprise and the Splunk Secure Gateway app on Splunk Cloud Platform. A low-privileged user without admin or power roles can craft a malicious payload through the 'label' column field after adding a new device in the Splunk Secure Gateway app. This crafted payload can potentially cause a client-side denial of service (DoS).
How can this vulnerability impact me? :
The vulnerability can lead to a client-side denial of service (DoS), which means that affected users may experience service interruptions or unavailability on the client side when interacting with the Splunk Secure Gateway app. This could disrupt normal operations and affect productivity.