CVE-2025-20389

Improper Input Validation in "label" column field in Splunk Secure Gateway App

CVSS 4.3 MEDIUMEPSS 0.4%CWE-20

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

03 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Splunk · Splunk Cloud Platform Splunk · Splunk Enterprise Splunk · Splunk Secure Gateway

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://advisory.splunk.com/advisories/SVD-2025-1208