CVE-2025-20382
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-05
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| splunk | splunk | From 9.2.0 (inc) to 9.2.10 (exc) |
| splunk | splunk | From 9.3.0 (inc) to 9.3.8 (exc) |
| splunk | splunk | From 9.4.0 (inc) to 9.4.6 (exc) |
| splunk | splunk | From 10.0.0 (inc) to 10.0.2 (exc) |
| splunk | splunk_cloud_platform | From 9.3.2411 (inc) to 9.3.2411.120 (exc) |
| splunk | splunk_cloud_platform | From 10.0.2503 (inc) to 10.0.2503.8 (exc) |
| splunk | splunk_cloud_platform | From 10.1.2507 (inc) to 10.1.2507.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain versions of Splunk Enterprise and Splunk Cloud Platform where a low-privileged user without admin or power roles can create a dashboard with a custom background using a base64-encoded image URL. This can lead to an unvalidated redirect by bypassing Splunk's external URL warning mechanism, potentially redirecting users to malicious external sites. Exploitation requires phishing to trick an authenticated user into initiating a request in their browser.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to redirect authenticated users to malicious external websites by bypassing security warnings. This could lead to phishing attacks, malware downloads, or other malicious activities initiated through the redirected site. However, exploitation requires user interaction via phishing and cannot be done at will by the attacker.