CVE-2025-20385

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 80.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Splunk Cloud Platform Splunk Splunk Enterprise Splunk Splunk

Timeline

PublishedDec 3

Description

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5splunk/splunk_cloud_platform10.1.2507 — 10.1.2507.6+2

▶NVDsplunk/splunk_cloud_platform9.3.2411 — 9.3.2411.117+2

▶CVEListV5splunk/splunk_enterprise10.0 — 10.0.2+3

▶NVDsplunk/splunk9.2.0 — 9.2.10+3

🔴Vulnerability Details

CVEList

Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise↗2025-12-03

▶

GHSA

GHSA-3vhx-c2qq-56q5: In Splunk Enterprise versions below 10↗2025-12-03

▶