
Splunk: CVE-2025-20371: Unauthenticated Blind Server Side Request Forgery (SSRF) in Splunk Enterprise

Severity: 8
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: Oct 1, 2025
Added: Oct 6, 2025
Modified: Oct 31, 2025

Description

In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119, and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF), potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user. To be successful, the attack requires the enableSplunkWebClientNetloc setting in the web.conf configuration file to have a value of true. Additionally, the attacker likely has to phish the victim by tricking them into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will. See the web.conf configuration specification file for more information on the configuration settings.
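As an added illustration (not Rapid7's or Splunk's own code), the following Python checker reads a web.conf fragment and a Splunk Enterprise version string and reports whether the advisory's precondition applies; the minimal .conf parser, the accepted boolean spellings and the per-branch version comparison are assumptions, and the sample configuration is constructed.

```python
"""Flag the CVE-2025-20371 precondition: a vulnerable Splunk Enterprise
version combined with enableSplunkWebClientNetloc = true in web.conf."""

# First fixed Enterprise release per branch, taken from the advisory text.
FIXED_ENTERPRISE = {(10, 0): (10, 0, 1), (9, 4): (9, 4, 4),
                    (9, 3): (9, 3, 6), (9, 2): (9, 2, 8)}

def parse_conf(text):
    """Minimal Splunk .conf parser (assumption): [stanza] headers,
    key = value lines, '#' comments. Returns {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas

def netloc_enabled(conf_text):
    """True when [settings] sets enableSplunkWebClientNetloc to a truthy
    value; spellings accepted here are an assumption, default is false."""
    value = parse_conf(conf_text).get("settings", {}).get(
        "enableSplunkWebClientNetloc", "false")
    return value.lower() in ("true", "1", "t", "yes")

def is_fixed(version):
    """True if the version is at or above its branch's fixed release,
    False if below it, None for branches the advisory does not list."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED_ENTERPRISE.get(parts[:2])
    return None if fixed is None else parts >= fixed

def assess(version, conf_text):
    """Combine version state and configuration into one verdict string."""
    fixed = is_fixed(version)
    if fixed:
        return "patched"
    if fixed is None:
        return "unlisted branch: check the advisory"
    return "exposed" if netloc_enabled(conf_text) else "mitigated by config"

if __name__ == "__main__":
    SAMPLE_WEB_CONF = "[settings]\nenableSplunkWebClientNetloc = true\n"  # constructed
    for v in ("9.4.3", "9.4.4", "9.1.2"):
        print(v, "->", assess(v, SAMPLE_WEB_CONF))
```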

Solution

splunk-upgrade-latest