Advisory ID: SVD-2025-1105
CVE ID: CVE-2025-20373
Published: 2025-11-26
Last Update: 2025-11-26
CVSSv3.1 Score: 2.7, Low
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-532
Bug ID: VULN-43964

Description

In Splunk Add-on for Palo Alto Networks versions below 2.0.2, the add-on exposes client secrets in plain text in the "_internal" index during the addition of new "Data Security Accounts". The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives.

Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. See Define roles on the Splunk platform with capabilities in the Splunk documentation for more information.

Solution

Upgrade Splunk Add-On for Palo Alto Networks to version 2.0.2, 3.0.0, or higher and determine if any credentials are exposed in plain text:

1. In Search and Reporting, search for
2. Immediately generate a new as needed, and revoke any that have been exposed as a result of this vulnerability.

Product Status

Mitigations and Workarounds

None

Detections

None

Severity

Splunk rates this vulnerability a 2.7, Low, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.

If you do not use Splunk Add-On for Palo Alto Networks, then there should be no impact and the severity would be Informational.

Acknowledgments

Vignesh Subramanian, Splunk
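
The role review recommended in the Description can be scripted. The following is an added example, not part of the Splunk advisory: it parses authorize.conf text and lists non-admin roles that can search "_internal", either directly through srchIndexesAllowed or by inheritance through importRoles. The sample configuration and its role and index names are constructed, and treating only patterns that begin with "_" as matching internal indexes is a simplifying assumption.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample authorize.conf (not taken from the advisory).
SAMPLE_AUTHORIZE_CONF = """
[role_admin]
srchIndexesAllowed = *;_*

[role_user]
srchIndexesAllowed = main

[role_soc_analyst]
importRoles = user
srchIndexesAllowed = main;pan_*

[role_app_support]
importRoles = user
srchIndexesAllowed = main;_internal

[role_support_lead]
importRoles = app_support
"""

def grants_internal(pattern, index="_internal"):
    # Assumption: a pattern not starting with "_" (including a bare "*")
    # covers non-internal indexes only, so it never grants "_internal".
    return pattern.startswith("_") and fnmatchcase(index, pattern)

def split_list(value):
    # Splunk separates multiple indexes or roles with semicolons.
    return [item.strip() for item in value.split(";") if item.strip()]

def roles_with_internal_access(conf_text, allowed_roles=("admin",)):
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep setting names case-sensitive
    parser.read_string(conf_text)
    roles = {s[len("role_"):]: parser[s]
             for s in parser.sections() if s.startswith("role_")}

    def has_access(name, seen=()):
        if name not in roles or name in seen:  # unknown role or import cycle
            return False
        role = roles[name]
        if any(grants_internal(p) for p in split_list(role.get("srchIndexesAllowed", ""))):
            return True
        # Index access is inherited from every imported role.
        return any(has_access(parent, seen + (name,))
                   for parent in split_list(role.get("importRoles", "")))

    return sorted(r for r in roles if r not in allowed_roles and has_access(r))

if __name__ == "__main__":
    print(roles_with_internal_access(SAMPLE_AUTHORIZE_CONF))
```

Run it against the merged authorize.conf settings for the instance; any role it reports should be checked against the advisory's guidance that only administrator-level roles reach internal indexes.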