#VU118466 Improper access control in Splunk Enterprise - CVE-2025-20379

 

Published: November 13, 2025


Vulnerability identifier: #VU118466
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-20379
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Splunk Enterprise
Software vendor: Splunk Inc.

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions at the "/services/streams/search" endpoint. A remote low-privileged user can circumvent the endpoint restrictions by using character encoding in the REST path passed via the "q" parameter to the affected endpoint. This bypasses the SPL safeguards for risky commands and lets the user run a saved search that contains a risky command with the permissions of a higher-privileged user.
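For triage on unpatched instances, the following added example (not part of the advisory and not Splunk code) scans access-log lines for requests to the affected endpoint whose "q" value carries unnecessary or nested encoding. It assumes the encoding is percent-encoding and that log lines follow an access-log layout with the user in the third field; the sample lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "/services/streams/search"  # endpoint named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")
# RFC 3986 unreserved characters never need percent-encoding.
UNRESERVED = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")

def raw_q(target):
    """Return the undecoded q value if the request hits ENDPOINT, else None."""
    parts = urlsplit(target)
    # Decode the path first so an encoded, prefixed or trailing-slash form still matches.
    if not unquote(parts.path).rstrip("/").lower().endswith(ENDPOINT):
        return None
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote(name) == "q":
            return value
    return None

def reasons(value):
    """Heuristic findings for a raw q value (assumes percent-encoding)."""
    found = []
    codes = [int(h, 16) for h in PCT_RE.findall(value)]
    if any(c in UNRESERVED for c in codes):
        found.append("encoded-unreserved-char")
    if 0x2F in codes or 0x5C in codes:  # encoded "/" or "\"
        found.append("encoded-path-separator")
    if 0x25 in codes and PCT_RE.search(unquote(value)):  # "%25xx" decodes to "%xx"
        found.append("nested-encoding")
    return found

def scan(lines):
    """Return (line_number, user, findings) for each request worth reviewing."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        value = raw_q(m.group("target")) if m else None
        if value is not None and reasons(value):
            hits.append((n, line.split()[2], reasons(value)))
    return hits

# Constructed sample lines; the q values are placeholders, not real REST paths.
SAMPLE = [
    '10.0.0.5 - analyst1 [13/Nov/2025:09:14:02.118 +0000] "GET /services/streams/search?q=/services/example/path HTTP/1.1" 200 512',
    '10.0.0.7 - lowpriv [13/Nov/2025:09:15:40.007 +0000] "GET /services/streams/search?q=/services/example%2Fp%61th HTTP/1.1" 200 512',
    '10.0.0.7 - lowpriv [13/Nov/2025:09:15:44.311 +0000] "GET /services/streams/search?q=%252Fservices%252Fexample HTTP/1.1" 200 512',
    '10.0.0.9 - analyst2 [13/Nov/2025:09:16:01.950 +0000] "GET /services/search/jobs?q=%2Fnot%2Fthis%2Fendpoint HTTP/1.1" 200 128',
]
```

Hits are leads for review rather than proof of exploitation: correlate the flagged user with saved-search ownership and role assignments before escalating.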


Remediation

Install updates from the vendor's website.
