CVE-2025-20378
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-12-03

Assigner: Cisco Systems, Inc.

Description
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-12-03
Generated
2026-05-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-20378
EUVD
EUVD-2025-131961
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
splunk splunk From 9.2.0 (inc) to 9.2.9 (exc)
splunk splunk From 9.3.0 (inc) to 9.3.7 (exc)
splunk splunk From 9.4.0 (inc) to 9.4.5 (exc)
splunk splunk 10.0.0
splunk splunk_cloud_platform From 9.3.2408 (inc) to 9.3.2408.121 (exc)
splunk splunk_cloud_platform From 9.3.2411 (inc) to 9.3.2411.111 (exc)
splunk splunk_cloud_platform From 10.0.2503 (inc) to 10.0.2503.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in certain versions of Splunk Enterprise and Splunk Cloud Platform where an unauthenticated attacker can craft a malicious URL using the 'return_to' parameter of the Splunk Web login endpoint. If an authenticated user visits this malicious URL, it can cause an unvalidated redirect to an external malicious site. The attacker must trick the user into initiating the request, and cannot exploit the vulnerability at will.


How can this vulnerability impact me? :

The vulnerability can lead to users being redirected to malicious external sites without validation, potentially exposing them to phishing, malware, or other attacks. However, exploitation requires tricking an authenticated user to visit a crafted URL, so the risk depends on user interaction.


What immediate steps should I take to mitigate this vulnerability?

Upgrade Splunk Enterprise to version 10.0.1 or later, or Splunk Cloud Platform to version 10.0.2503.5 or later. Avoid visiting or clicking on suspicious URLs that use the 'return_to' parameter in the Splunk Web login endpoint until the upgrade is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart