CVE-2025-20382

CWE-601 Open Redirect (3 documents, 3 sources)

Severity: 5.4 MEDIUM
EPSS: 0.0% (top 85.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 3

Description

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a views dashboard with a custom background using the `data:image/png;base64` protocol that could potentially lead to an unvalidated redirect. This behavior circumvents the Splunk external URL warning mechanism by using a specially crafted URL, allowing f

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.1 | Impact: 1.4

Affected Packages (4 packages)

Source     | Package                      | Affected version | Fixed version | More ranges
CVEListV5  | splunk/splunk_cloud_platform | 10.1.2507        | 10.1.2507.10  | +2
NVD        | splunk/splunk_cloud_platform | 9.3.2411         | 9.3.2411.120  | +2
CVEListV5  | splunk/splunk_enterprise     | 10.0             | 10.0.2        | +3
NVD        | splunk/splunk                | 9.2.0            | 9.2.10        | +3

Vulnerability Details (2 documents)

GHSA: GHSA-9f8g-g258-v49c: In Splunk Enterprise versions below 10 (2025-12-03)
CVEList: URL validation bypass through Views Dashboard in Splunk Enterprise (2025-12-03)