Splunk Enterprise <=10.0.2 Low-Priv DoS via Secure Gateway 'label'
CVE-2025-20389 Published on December 3, 2025
Improper Input Validation in "label" column field in Splunk Secure Gateway App
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2025-20389
Want to know whenever a new CVE is published for Splunk products? stack.watch will email you.
Affected Versions
Splunk Enterprise:- Version 10.0 and below 10.0.2 is affected.
- Version 9.4 and below 9.4.6 is affected.
- Version 9.3 and below 9.3.8 is affected.
- Version 9.2 and below 9.2.10 is affected.
- Version 10.1.2507 and below 10.1.2507.6 is affected.
- Version 10.0.2503 and below 10.0.2503.8 is affected.
- Version 9.3.2411 and below 9.3.2411.120 is affected.
- Version 3.9 and below 3.9.10 is affected.
- Version 3.8 and below 3.8.58 is affected.
- Version 3.7 and below 3.7.28 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.