CVE-2025-20378
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-12-03

Assigner: Cisco Systems, Inc.

Description
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, Splunk Web could redirect the browser to an attacker-chosen external site without validating the target (an open redirect, CWE-601). To succeed, the attacker has to trick the victim into initiating the request from their browser; the attacker cannot trigger the redirect at will.
Meta Information
Generated: 2026-06-16
AI Q&A: 2025-11-13
EPSS evaluated: 2026-06-15
Affected Vendors & Products (7 associated CPEs)
Vendor  Product                Version / Range
splunk  splunk                 9.2.0 (inclusive) to 9.2.9 (exclusive)
splunk  splunk                 9.3.0 (inclusive) to 9.3.7 (exclusive)
splunk  splunk                 9.4.0 (inclusive) to 9.4.5 (exclusive)
splunk  splunk                 10.0.0
splunk  splunk_cloud_platform  9.3.2408 (inclusive) to 9.3.2408.121 (exclusive)
splunk  splunk_cloud_platform  9.3.2411 (inclusive) to 9.3.2411.111 (exclusive)
splunk  splunk_cloud_platform  10.0.2503 (inclusive) to 10.0.2503.5 (exclusive)
CWE
CWE-601  URL Redirection to Untrusted Site ('Open Redirect'): the web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Executive Summary

CVE-2025-20378 is an open redirect (CWE-601) in the Splunk Web login endpoint of the affected Splunk Enterprise and Splunk Cloud Platform versions listed above. An unauthenticated attacker crafts a login URL whose `return_to` parameter points at an external site; when an authenticated user opens that URL, the browser is redirected there without validation. The attacker depends on the victim initiating the request and cannot exploit the flaw at will.

Impact Analysis

Because the redirect is issued by a trusted Splunk hostname, a victim can be sent to a phishing page (for example a look-alike Splunk login form that harvests credentials) or to a site serving malware, from a link that looks legitimate until the redirect happens. Exploitation needs user interaction, so the practical risk depends on how easily users in the environment can be induced to follow links to the Splunk instance.

Mitigation Strategies

Upgrade to the fixed release for the branch in use: Splunk Enterprise 10.0.1, 9.4.5, 9.3.7 or 9.2.9 (note that Splunk Enterprise 10.0.0 is affected), or Splunk Cloud Platform 10.0.2503.5, 9.3.2411.111 or 9.3.2408.121. Until the upgrade is applied, treat links to the Splunk Web login page whose `return_to` value points outside the Splunk instance as suspicious, and review web access logs for login requests in which `return_to` is an absolute or protocol-relative URL rather than a same-origin path.
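The following is an added example, not Splunk's code and not part of this page, illustrating the Description and the Mitigation Strategies above: a naive login `return_to` handler showing the CWE-601 pattern, a hardened replacement that accepts only same-origin paths, and a small scanner that applies the same check to web access log lines. The login path `/en-US/account/login`, the function names, the default landing page and the log lines are constructed assumptions for illustration.

```python
# Added example, not Splunk's code: the open-redirect pattern behind
# CVE-2025-20378 (CWE-601) beside a hardened check, plus a scanner that applies
# the check to web access log lines. Endpoint path, function names, landing
# page and log lines are assumptions constructed for illustration.
import re
from urllib.parse import parse_qs, urlsplit

DEFAULT_LANDING = "/en-US/app/launcher/home"  # assumed post-login page


def naive_redirect_target(return_to: str) -> str:
    """Vulnerable pattern: the client-supplied value becomes the Location."""
    return return_to or DEFAULT_LANDING


def safe_redirect_target(return_to: str, default: str = DEFAULT_LANDING) -> str:
    """Return `return_to` only if it is a same-origin absolute path.

    Anything that could leave the origin (absolute URL, protocol-relative
    "//host", backslash variants, control characters) falls back to `default`.
    """
    if not return_to:
        return default
    # Browsers treat "\" like "/" in http(s) URLs, so "/\evil.example" is
    # really "//evil.example". Normalise before checking.
    candidate = return_to.replace("\\", "/")
    # CR/LF could split the Location header; other control characters and
    # whitespace are used to smuggle schemes past naive prefix checks.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in candidate):
        return default
    # Must be rooted at exactly one "/": "//host" and "///host" both resolve to
    # another host, and "https://host" or "javascript:" do not start with "/".
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate


# Constructed combined-log-style access log lines for the scanner demo.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [12/Nov/2025:10:01:02 +0000] "GET /en-US/account/login?return_to=%2Fen-US%2Fapp%2Fsearch%2Fsearch HTTP/1.1" 200 5120
203.0.113.9 - - [12/Nov/2025:10:02:15 +0000] "GET /en-US/account/login?return_to=%2F%2Fevil.example%2Flogin HTTP/1.1" 200 5120
203.0.113.9 - - [12/Nov/2025:10:02:40 +0000] "GET /en-US/account/login?return_to=https%3A%2F%2Fevil.example%2F HTTP/1.1" 200 5120
203.0.113.9 - - [12/Nov/2025:10:03:01 +0000] "GET /en-US/account/login?return_to=%2F%5Cevil.example%2F HTTP/1.1" 200 5120
198.51.100.4 - - [12/Nov/2025:10:04:11 +0000] "GET /en-US/account/login HTTP/1.1" 200 5120
"""

_REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def find_suspicious_return_to(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, return_to) for login requests whose return_to the
    hardened check would reject, i.e. values that would redirect off-site."""
    hits = []
    for line in log_text.splitlines():
        m = _REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if not target.path.endswith("/account/login"):
            continue
        # parse_qs percent-decodes the value, as the web framework would
        # before the redirect handler sees it.
        for value in parse_qs(target.query).get("return_to", []):
            if safe_redirect_target(value) != value:
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in find_suspicious_return_to(SAMPLE_ACCESS_LOG):
        print(f"{ip} sent return_to={value!r}")
```

The hardened check deliberately validates the raw string rather than trusting `urlsplit` alone: `urlsplit("///evil.example")` reports an empty host and the path `/evil.example`, yet a browser resolves that value against the current origin as a new host. A stricter deployment can go further and allow only paths under the application's known prefixes, which turns the denylist of dangerous shapes into an allowlist.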
