CVE-2025-20384
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-05
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| splunk | splunk | From 9.2.0 (inc) to 9.2.10 (exc) |
| splunk | splunk | From 9.3.0 (inc) to 9.3.8 (exc) |
| splunk | splunk | From 9.4.0 (inc) to 9.4.6 (exc) |
| splunk | splunk | 10.0.0 |
| splunk | splunk_cloud_platform | From 9.3.2411 (inc) to 9.3.2411.117 (exc) |
| splunk | splunk_cloud_platform | From 10.0.2503 (inc) to 10.0.2503.6 (exc) |
| splunk | splunk_cloud_platform | From 10.1.2507 (inc) to 10.1.2507.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-117 | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in certain versions of Splunk Enterprise and Splunk Cloud Platform allows an unauthenticated attacker to inject ANSI escape codes into Splunk log files via the /en-US/static/ web endpoint due to improper input validation. This injection can enable the attacker to poison, forge, or obfuscate sensitive log data by sending specially crafted HTTP requests.
How can this vulnerability impact me? :
The vulnerability can impact you by compromising the integrity of your log data. An attacker could poison or forge logs, making it difficult to trust the logs for accurate information or detection of malicious activity. This could hinder incident response and security monitoring efforts.