Low-privileged Users Leak Alert Data via Push Notifications in Splunk <10.0.2
CVE-2025-20383 Published on December 3, 2025
Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-20383 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2025-20383
Want to know whenever a new CVE is published for Splunk products? stack.watch will email you.
Affected Versions
Splunk Enterprise:- Version 10.0 and below 10.0.2 is affected.
- Version 9.4 and below 9.4.6 is affected.
- Version 9.3 and below 9.3.8 is affected.
- Version 9.2 and below 9.2.10 is affected.
- Version 10.1.2507 and below 10.1.2507.6 is affected.
- Version 10.0.2503 and below 10.0.2503.8 is affected.
- Version 9.3.2411 and below 9.3.2411.120 is affected.
- Version 3.9 and below 3.9.10 is affected.
- Version 3.8 and below 3.8.58 is affected.
- Version 3.7 and below 3.7.28 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.