Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app
Advisory ID: SVD-2025-1202
CVE ID: CVE-2025-20383
Published: 2025-12-03
Last Update: 2025-12-03
CVSSv3.1 Score: 4.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-200
Bug ID: VULN-45778
Description
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert.
Solution
Upgrade Splunk Enterprise to versions 10.0.2, 9.4.6, 9.3.8, 9.2.10, or higher.
Splunk is actively monitoring and patching Splunk Cloud Platform instances.
Product Status
| Product | Base Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise | 10.0 | Splunk Secure Gateway | Below 10.0.2 | 10.0.2 |
| Splunk Enterprise | 9.4 | Splunk Secure Gateway | Below 9.4.6 | 9.4.6 |
| Splunk Enterprise | 9.3 | Splunk Secure Gateway | Below 9.3.8 | 9.3.8 |
| Splunk Enterprise | 9.2 | Splunk Secure Gateway | Below 9.2.10 | 9.2.10 |
| Splunk Cloud Platform | 10.1.2507 | Splunk Secure Gateway | Below 10.1.2507.6 | 10.1.2507.6 |
| Splunk Cloud Platform | 10.0.2503 | Splunk Secure Gateway | Below 10.0.2503.8 | 10.0.2503.8 |
| Splunk Cloud Platform | 9.3.2411 | Splunk Secure Gateway | Below 9.3.2411.120 | 9.3.2411.120 |
| Splunk Secure Gateway | 3.9 | Below 3.9.10 | 3.9.10 | |
| Splunk Secure Gateway | 3.8 | Below 3.8.58 | 3.8.58 | |
| Splunk Secure Gateway | 3.7 | Below 3.7.28 | 3.7.28 |
Mitigations and Workarounds
Disable the Splunk Secure Gateway App. See Manage app and add-on objects.
Note: Splunk Mobile, Spacebridge, and Mission Control rely on functionality in the Splunk Secure Gateway app. If you do not use any of the apps, features, or functionality, as a potential mitigation, you may remove or disable the app.
Detections
None
Severity
Splunk rates this vulnerability a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
If you do not use and have never registered a device on the Splunk Secure Gateway app, there should be no impact and the severity would be informational.
Acknowledgments
Anton (therceman)