CVE-2025-20378
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-20378, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-12

Last updated on: 2025-12-03

Assigner: Cisco Systems, Inc.

Description

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-12
Last Modified
2025-12-03
Generated
2026-07-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
splunk splunk From 9.2.0 (inc) to 9.2.9 (exc)
splunk splunk From 9.3.0 (inc) to 9.3.7 (exc)
splunk splunk From 9.4.0 (inc) to 9.4.5 (exc)
splunk splunk 10.0.0
splunk splunk_cloud_platform From 9.3.2408 (inc) to 9.3.2408.121 (exc)
splunk splunk_cloud_platform From 9.3.2411 (inc) to 9.3.2411.111 (exc)
splunk splunk_cloud_platform From 10.0.2503 (inc) to 10.0.2503.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in certain versions of Splunk Enterprise and Splunk Cloud Platform where an unauthenticated attacker can craft a malicious URL using the 'return_to' parameter of the Splunk Web login endpoint. If an authenticated user visits this malicious URL, it can cause an unvalidated redirect to an external malicious site. The attacker must trick the user into initiating the request, and cannot exploit the vulnerability at will.

Impact Analysis

The vulnerability can lead to users being redirected to malicious external sites without validation, potentially exposing them to phishing, malware, or other attacks. However, exploitation requires tricking an authenticated user to visit a crafted URL, so the risk depends on user interaction.

Mitigation Strategies

Upgrade Splunk Enterprise to version 10.0.1 or later, or Splunk Cloud Platform to version 10.0.2503.5 or later. Avoid visiting or clicking on suspicious URLs that use the 'return_to' parameter in the Splunk Web login endpoint until the upgrade is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-20378. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart