Splunk Enterprise DoS via LDAP Repeated Bind Attack (v<10.0.1,9.4.4,9.3.6,9.2.8)
CVE-2025-20370 Published on October 1, 2025

Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise
In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU usage, which could potentially lead to a denial of service (DoS) until the Splunk Enterprise instance is restarted. See https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/manage-splunk-platform-users-and-roles/define-roles-on-the-splunk-platform-with-capabilities and https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.0/use-ldap-as-an-authentication-scheme/configure-ldap-with-splunk-web#cfe47e31_007f_460d_8b3d_8505ffc3f0dd__Configure_LDAP_with_Splunk_Web for more information.

NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2025-20370 has been classified to as a Resource Exhaustion vulnerability or weakness.


Products Associated with CVE-2025-20370

Want to know whenever a new CVE is published for Splunk? stack.watch will email you.

Splunk
 

Affected Versions

Splunk Enterprise: Splunk Enterprise Cloud:

Exploit Probability

EPSS
0.12%
Percentile
30.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.