CVE-2025-20384
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-05
Assigner: Cisco Systems, Inc.
Description
Description
In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This may allow them to poison, forge, or obfuscate sensitive log data through specially crafted HTTP requests, potentially impacting log integrity and detection capabilities.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| splunk | splunk | From 9.2.0 (inc) to 9.2.10 (exc) |
| splunk | splunk | From 9.3.0 (inc) to 9.3.8 (exc) |
| splunk | splunk | From 9.4.0 (inc) to 9.4.6 (exc) |
| splunk | splunk | 10.0.0 |
| splunk | splunk_cloud_platform | From 9.3.2411 (inc) to 9.3.2411.117 (exc) |
| splunk | splunk_cloud_platform | From 10.0.2503 (inc) to 10.0.2503.6 (exc) |
| splunk | splunk_cloud_platform | From 10.1.2507 (inc) to 10.1.2507.4 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-117 | The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file. |
