CVE & CISA-KEV Catalog

CVE-2025-20325

LOW
3.1
CVSS v3
NVD

Description

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster splunk.secret key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCConfig` log channel at the DEBUG logging level in the clustered deployment. The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See Define roles on the Splunk platform with capabilities, Deploy a search head cluster, Deploy secure passwords across multiple servers and Set a security key for the search head cluster for more information.

How to fix

Remediation Available
splunkNVD
Affected:>= 9.4.0, < 9.4.3Fixed in:9.4.3CVE-2025-20325derived from NVD
splunk cloud platformNVD
Affected:>= 9.3.2411, < 9.3.2411.103Fixed in:9.3.2411.103CVE-2025-20325derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploit Intelligence

0.31%probability of exploitation in 30 days
23rdpercentile

Low risk: more likely to be exploited than 23% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-200 (Information Exposure) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-24919High8.6100%KEV + Ransom-
CVE-2020-14181Medium5.3100%-Fix
CVE-2021-34429Medium5.399%-Fix
CVE-2018-11409Medium5.398%--
CVE-2021-41277Critical10.097%KEV-
CVE-2016-2183High7.596%-Fix
Embed a live status badge for CVE-2025-20325
CVE-2025-20325 severity badge

Markdown

[![CVE-2025-20325](https://tridentstack.com/cve/badge/CVE-2025-20325.svg)](https://tridentstack.com/cve/CVE-2025-20325)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-20325"><img src="https://tridentstack.com/cve/badge/CVE-2025-20325.svg" alt="CVE-2025-20325"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-08-01.