Splunk Products Multiple Vulnerabilities

Release Date: 4 Dec 2025

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, security restriction bypass, cross-site scripting, data manipulation, denial of service condition and elevation of privilege on the targeted system.

---

Impact

• Elevation of Privilege
• Security Restriction Bypass
• Information Disclosure
• Denial of Service
• Data Manipulation
• Cross-Site Scripting

---

System / Technologies affected

• Splunk Enterprise versions below 9.2.10, 9.4.6, 9.3.8 and 10.0.2
• Splunk Cloud Platform versions below 9.3.2411.120, 10.0.2503.8 and 10.1.2507.10
• Splunk Secure Gateway versions below 3.7.28, 3.8.58 and 3.9.10
• Splunk MCP Server versions below 0.2.4

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://advisory.splunk.com/advisories/SVD-2025-1201
• https://advisory.splunk.com/advisories/SVD-2025-1202
• https://advisory.splunk.com/advisories/SVD-2025-1203
• https://advisory.splunk.com/advisories/SVD-2025-1204
• https://advisory.splunk.com/advisories/SVD-2025-1205
• https://advisory.splunk.com/advisories/SVD-2025-1206
• https://advisory.splunk.com/advisories/SVD-2025-1207
• https://advisory.splunk.com/advisories/SVD-2025-1208
• https://advisory.splunk.com/advisories/SVD-2025-1210

---

Vulnerability Identifier

• CVE-2025-20381
• CVE-2025-20382
• CVE-2025-20383
• CVE-2025-20384
• CVE-2025-20385
• CVE-2025-20386
• CVE-2025-20387
• CVE-2025-20388
• CVE-2025-20389

---

Source

• Splunk

---

Related Link

• https://advisory.splunk.com/advisories/SVD-2025-1201
• https://advisory.splunk.com/advisories/SVD-2025-1202
• https://advisory.splunk.com/advisories/SVD-2025-1203
• https://advisory.splunk.com/advisories/SVD-2025-1204
• https://advisory.splunk.com/advisories/SVD-2025-1205
• https://advisory.splunk.com/advisories/SVD-2025-1206
• https://advisory.splunk.com/advisories/SVD-2025-1207
• https://advisory.splunk.com/advisories/SVD-2025-1208
• https://advisory.splunk.com/advisories/SVD-2025-1210