Vulnerability Database

313,495

Total vulnerabilities in the database

CVE-2025-20378

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the return_to parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will.

Published: Nov 12, 2025
Updated: Nov 13, 2025
CVE: CVE-2025-20378
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.1
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
splunk / splunk	9.2.0	9.2.9
splunk / splunk	9.3.0	9.3.7
splunk / splunk	9.4.0	9.4.5
splunk / splunk	10.0.0	10.0.0.x
splunk / splunk_cloud_platform	9.3.2408	9.3.2408.121
splunk / splunk_cloud_platform	9.3.2411	9.3.2411.111
splunk / splunk_cloud_platform	10.0.2503	10.0.2503.5

https://advisory.splunk.com/advisories/SVD-2025-1101

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo