CVE-2025-20385
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-20385, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-03

Last updated on: 2025-12-05

Assigner: Cisco Systems, Inc.

Description

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-03
Last Modified
2025-12-05
Generated
2026-07-06
AI Q&A
2025-12-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
splunk splunk From 9.2.0 (inc) to 9.2.10 (exc)
splunk splunk From 9.3.0 (inc) to 9.3.8 (exc)
splunk splunk From 9.4.0 (inc) to 9.4.6 (exc)
splunk splunk From 10.0.0 (inc) to 10.0.2 (exc)
splunk splunk_cloud_platform From 9.3.2411 (inc) to 9.3.2411.117 (exc)
splunk splunk_cloud_platform From 10.0.2503 (inc) to 10.0.2503.7 (exc)
splunk splunk_cloud_platform From 10.1.2507 (inc) to 10.1.2507.6 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in certain versions of Splunk Enterprise and Splunk Cloud Platform where a user with a high privilege role (admin_all_objects) can craft a malicious payload using the href attribute of an anchor tag within a navigation bar collection. This crafted payload can cause unauthorized JavaScript code to execute in the browser of another user.

Impact Analysis

The vulnerability can lead to unauthorized execution of JavaScript code in a user's browser, potentially allowing attackers to perform actions on behalf of the user or steal sensitive information accessible through the browser session. However, exploitation requires a user with high privilege to craft the malicious payload and a user interaction to trigger it.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-20385. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart