CVE-2025-0367

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 30, 2025
CWE ID 1333

Summary

CVE-2025-0367 is a vulnerability affecting the Splunk Supporting Add-on for Active Directory (also known as SA-ldapsearch), versions 3.1.0 and lower. The add-on contains a vulnerable regular expression pattern that can trigger a Regular Expression Denial of Service (ReDoS), potentially causing the affected application to become unresponsive or consume excessive resources. Successful exploitation may result in a denial-of-service condition that impacts the availability and functionality of the SA-ldapsearch application. To mitigate this risk, update to a newer version or apply the relevant patch.
