CVE-2025-20389 MEDIUM

CVE-2025-20389: Improper Input Validation in "label" column field in Splunk Secure Gateway App

Vendor Splunk
Product Splunk Enterprise
Weakness CWE-20 · Input validation
Published December 3, 2025
Last update December 3, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).

Key dates

02Disclosure timeline

December 3, 2025 CVE published
December 3, 2025 Record updated