vulnerability

Splunk: CVE-2025-20370: Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:M/C:N/I:N/A:C)	Oct 1, 2025	Oct 6, 2025	Oct 31, 2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:N/I:N/A:C)

Published

Oct 1, 2025

Added

Oct 6, 2025

Modified

Oct 31, 2025

Description

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, a user who holds a role that contains the high-privilege capabilitychange_authentication, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted.SeeDefine roles on the Splunk platform with capabilitiesandConfiguring LDAPfor more information.

Solution

splunk-upgrade-latest

References

CVE-2025-20370
https://attackerkb.com/topics/CVE-2025-20370
URL-https://advisory.splunk.com/advisories/SVD-2025-1005.html
CWE-400
CWE-770

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today