Security Advisory

CVE-2025-20389

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-03 17:00:55

Last updated 2025-12-03 21:37:01

Assigner cisco

State PUBLISHED

Description

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).

← Browse all CVEs View on cve.org ↗