CVE-2025-20371

HIGH 7.5

Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.

CWE	CWE-918
Vendor	splunk
Product	splunk enterprise
Published	Oct 1, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for splunk splunk enterprise

Be the first to know when new high vulnerabilities affecting splunk splunk enterprise are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Splunk / Splunk Enterprise

10.0 < 10.0.1 9.4 < 9.4.4 9.3 < 9.3.6 9.2 < 9.2.8

Splunk / Splunk Cloud Platform

9.3.2411 < 9.3.2411.109 9.3.2408 < 9.3.2408.119 9.2.2406 < 9.2.2406.122

References

NVD ↗ CVE.org ↗ EPSS Data ↗

advisory.splunk.com: https://advisory.splunk.com/advisories/SVD-2025-1006

Credits

Alex Hordijk (hordalex)