Key Information Vulnerability Overview Vulnerability Type: Sensitive Information Disclosure Affected Products: Splunk Enterprise and Splunk Cloud Platform Affected Versions: - Splunk Enterprise: 9.4.0 to 9.4.2, 9.3.0 to 9.3.4, 9.2.0 to 9.2.6, 9.1.0 to 9.1.9 - Splunk Cloud Platform: Below 9.3.2411.103, Below 9.3.2408.113, Below 9.2.2406.119 Fixed Versions: - Splunk Enterprise: 9.4.3, 9.3.5, 9.2.7, 9.1.10 - Splunk Cloud Platform: 9.3.2411.103, 9.3.2408.113, 9.2.2406.119 Vulnerability Details CVE ID: CVE-2025-20325 CVSSv3.1 Score: 3.1 (Low) CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CWE: CWE-200 Description In specific versions of Splunk Enterprise and Splunk Cloud Platform, if the SHCConfig log channel is configured in a cluster deployment and DEBUG log level is enabled, the search head cluster key may be exposed. Local access to log files or administrative access to internal indexes is required to exploit this vulnerability. Solution 1. Determine whether DEBUG log level is enabled. 2. If enabled, upgrade to a fixed version or rotate the key file. Mitigation Configure the SHCConfig log channel to a lower log level. Rotate the key file. Severity Splunk rates this vulnerability as 3.1 (Low), with CVSSv3.1 vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N.