SB2025120435 - Multiple vulnerabilities in Splunk Enterprise and Splunk Secure Gateway
Published: December 4, 2025
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper access control (CVE-ID: CVE-2025-20383)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions. A remote user can subscribe to mobile push notifications and receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.
2) Input validation error (CVE-ID: CVE-2025-20389)
CWE-ID: CWE-20 - Improper Input Validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the "label" column field in the Splunk Secure Gateway app. After adding a new device in the Splunk Secure Gateway app, a remote user can pass a malicious payload through the label column field and perform a denial of service attack.
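The access-control flaw in the first vulnerability (CVE-2025-20383) belongs to a class in which a notification path skips the read check that the viewing path enforces. The following is an added, simplified model of that class and its fix, not Splunk or Splunk Secure Gateway code; every class, role and alert name in it is hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    alert_id: str
    title: str
    description: str
    read_roles: set  # roles allowed to view this alert (hypothetical ACL model)

@dataclass
class User:
    name: str
    roles: set

def can_read(user, alert):
    return bool(user.roles & alert.read_roles)

class PushService:
    def __init__(self, alerts, enforce_acl):
        self.alerts = {a.alert_id: a for a in alerts}
        self.enforce_acl = enforce_acl  # False models the flawed behaviour
        self.subs = {}                  # alert_id -> subscribed users

    def subscribe(self, user, alert_id):
        alert = self.alerts[alert_id]
        # Hardened: refuse the subscription unless the user may view the alert.
        if self.enforce_acl and not can_read(user, alert):
            raise PermissionError(f"{user.name} may not view {alert_id}")
        self.subs.setdefault(alert_id, []).append(user)

    def fire(self, alert_id):
        alert = self.alerts[alert_id]
        delivered = []
        for user in self.subs.get(alert_id, []):
            # Hardened: re-check at delivery, since roles or ACLs can change later.
            if self.enforce_acl and not can_read(user, alert):
                continue
            delivered.append((user.name, alert.title, alert.description))
        return delivered

def demo(enforce_acl):
    # Constructed sample data: one restricted alert, one allowed and one disallowed user.
    alert = Alert("a1", "Payroll export failed", "Job on hr-db01 aborted", {"hr_admin"})
    svc = PushService([alert], enforce_acl)
    for user in (User("admin", {"hr_admin"}), User("analyst", {"user"})):
        try:
            svc.subscribe(user, "a1")
        except PermissionError:
            pass  # subscription rejected by the hardened service
    return svc.fire("a1")
```

With `enforce_acl=False` the notification discloses the title and description to the user who cannot view the alert; with `enforce_acl=True` only the authorized user receives it.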
Remediation
Install the update from the vendor's website.