Improper access control in Splunk Enterprise - CVE-2025-20379

 


Published: November 13, 2025


Vulnerability identifier: #VU118466
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-20379
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Splunk Inc.
Affected software: Splunk Enterprise

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions at the "/services/streams/search" endpoint. A remote low-privileged user can run a saved search containing a risky command with the permissions of a higher-privileged user, bypassing the SPL safeguards for risky commands. The endpoint restrictions are circumvented by using character encoding in the REST path passed via the "q" parameter to the affected endpoint.
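
For defenders reviewing access logs, the following added example (not code from the advisory or from Splunk) flags requests to the endpoint named above whose "q" value carries unusual percent-encoding. The log layout, the two heuristics (escapes that survive one decode, and escaped RFC 3986 unreserved characters) and the sample lines are assumptions made for illustration.

```python
import re
import string
from urllib.parse import unquote

ENDPOINT = "/services/streams/search"   # endpoint named in the advisory
PCT = re.compile(r"%[0-9A-Fa-f]{2}")
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")  # RFC 3986
# Assumed access-log layout: ip - user [timestamp] "METHOD target PROTO" ...
REQ = re.compile(r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] "[A-Z]+ (?P<target>\S+) ')

def fully_decode(value, rounds=5):
    """Percent-decode until the value stops changing (bounded)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def q_findings(raw_q):
    """Return the reasons the raw (still encoded) q value looks unusual."""
    reasons = []
    if PCT.search(unquote(raw_q)):            # escapes survive one decode
        reasons.append("double-encoded")
    if any(chr(int(m.group()[1:], 16)) in UNRESERVED
           for m in PCT.finditer(raw_q)):     # e.g. a letter written as %61
        reasons.append("encoded-unreserved")
    return reasons

def scan(lines):
    """Return (user, reasons) for flagged requests to the advisory's endpoint."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not fully_decode(path).rstrip("/").endswith(ENDPOINT):
            continue
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            if name == "q" and q_findings(raw):
                hits.append((m.group("user"), q_findings(raw)))
    return hits

# Constructed sample lines; /services/example/path is a placeholder path.
SAMPLE = [
    '10.0.0.5 - analyst1 [13/Nov/2025:09:14:02.101 +0000] "GET /services/streams/search?q=%2Fservices%2Fexample%2Fpath HTTP/1.1" 200 512',
    '10.0.0.7 - analyst2 [13/Nov/2025:09:15:40.220 +0000] "GET /services/streams/search?q=%2Fservices%2Fex%61mple%2Fpath HTTP/1.1" 200 512',
    '10.0.0.8 - analyst3 [13/Nov/2025:09:16:05.007 +0000] "GET /services/streams/search?q=%252Fservices%252Fexample HTTP/1.1" 200 498',
    '10.0.0.9 - admin [13/Nov/2025:09:17:11.450 +0000] "GET /services/server/info?output_mode=json HTTP/1.1" 200 2048',
]
```

Calling `scan(SAMPLE)` returns the flagged user and reasons for each hit. A hit is a lead for review rather than proof of abuse, since some clients over-encode legitimately.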


How to mitigate CVE-2025-20379

Install updates from the vendor's website.

Sources