CNNVD-202510-039 Information

CNNVD ID

CNNVD-202510-039

Related CVE

CVE-2025-20370

• CNNVD Published: 2025-10-01

Description (Chinese)

Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Cloud Platform和Splunk Enterprise存在资源管理错误漏洞，该漏洞源于高权限用户可发送多个LDAP绑定请求，可能导致高服务器CPU使用率和拒绝服务。以下版本受到影响：Splunk Enterprise 10.0.1之前版本、9.4.4版本、9.3.6版本和9.2.8版本和Splunk Cloud Platform 9.3.2411.108之前版本、9.3.2408.118版本和9.2.2406.123版本。

Description (English)

Splunk Cloud Platform and Splunk Enterprise are products of the United States company Splunk. Splung Cloud Platform is a powerful data collection, processing and analysis service. Splung Enterprise is a data collection and analysis software. Splunk Cloud Platform and Splunk Enterprise had a resource management error gap, which stemmed from the fact that high-authority users could send multiple LDAP binding requests, which could lead to high server CPU usage and denial of services. The following versions have been affected: Splung Enterprise 10.0.1, 9.4.4, 9.3.6 and 9.2.8 and Splung Cloud Platform 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

Splunk

Published

2025-10-01

Last Modified

2026-02-24

References

https://advisory.splunk.com/advisories/SVD-2025-1005 https://vigilance.fr/vulnerability/Splunk-Enterprise-overload-via-Multiple-LDAP-Bind-Requests-48367

Patch

https://advisory.splunk.com/advisories/SVD-2025-1005