CVE-2025-20383

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2025-1202	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_secure_gateway::::::::
	cpe:2.3:a:splunk:splunk_secure_gateway::::::::
	cpe:2.3:a:splunk:splunk_secure_gateway::::::::

History

No history.

Information

Published : 2025-12-03 17:15

Updated : 2025-12-05 18:30

NVD link : CVE-2025-20383

Mitre link : CVE-2025-20383

CVE.ORG link : CVE-2025-20383

JSON object : View

Products Affected

splunk

splunk_cloud_platform
splunk_secure_gateway
splunk

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-Other

{"id": "CVE-2025-20383", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-12-03T17:15:50.567", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2025-1202", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a 10.0.2, 9.4.6, 9.3.8 y 9.2.10, y anteriores a 3.9.10, 3.8.58 y 3.7.28 de la aplicaci\u00f3n Splunk Secure Gateway en Splunk Cloud Platform, un usuario con privilegios bajos que no posee los roles de Splunk 'admin' o 'power' y se suscribe a notificaciones push m\u00f3viles podr\u00eda recibir notificaciones que revelan el t\u00edtulo y la descripci\u00f3n del informe o la alerta incluso si no tienen acceso para ver el informe o la alerta."}], "lastModified": "2025-12-05T18:30:13.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "AE8BF109-2B9C-4C50-AC9F-10A45456FD75", "versionEndExcluding": "9.2.10", "versionStartIncluding": "9.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "05D6973D-D965-42D3-8320-AF4A4B424E6C", "versionEndExcluding": "9.3.8", "versionStartIncluding": "9.3.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "8571F470-6AE1-4737-B1FA-49121E426AF2", "versionEndExcluding": "9.4.6", "versionStartIncluding": "9.4.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "4413D4BE-F225-4C28-B401-EB46D8F34160", "versionEndExcluding": "10.0.2", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6CA3000-9C26-45B9-A2A2-C22F3F4246BC", "versionEndExcluding": "9.3.2411.120", "versionStartIncluding": "9.3.2411"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D269788F-7244-4307-B551-C1B943EF2BB9", "versionEndExcluding": "10.0.2503.8", "versionStartIncluding": "10.0.2503"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C54FA9B3-9E2A-4D99-8432-C39D3EC79507", "versionEndExcluding": "10.1.2507.6", "versionStartIncluding": "10.1.2507"}, {"criteria": "cpe:2.3:a:splunk:splunk_secure_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6947693D-3CE8-4C49-A1AB-94F8E6AEA562", "versionEndExcluding": "3.7.28", "versionStartIncluding": "3.7.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_secure_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0583DB2E-A07E-4A14-8AA4-D9111F0F878C", "versionEndExcluding": "3.8.58", "versionStartIncluding": "3.8.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_secure_gateway:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C38430AA-336A-432E-AD40-78CBB5F4DC30", "versionEndExcluding": "3.9.10", "versionStartIncluding": "3.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}