CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-20378

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.8%

CVSS Severity

CVSS v3 Score 3.1

References

https://advisory.splunk.com/advisories/SVD-2025-1101

Products affected by CVE-2025-20378

Splunk » Splunk » Version: 10.0.0

cpe:2.3:a:splunk:splunk:10.0.0
Splunk » Splunk » Version: 9.2.0

cpe:2.3:a:splunk:splunk:9.2.0
Splunk » Splunk » Version: 9.2.1

cpe:2.3:a:splunk:splunk:9.2.1
Splunk » Splunk » Version: 9.2.2

cpe:2.3:a:splunk:splunk:9.2.2
Splunk » Splunk » Version: 9.2.3

cpe:2.3:a:splunk:splunk:9.2.3
Splunk » Splunk » Version: 9.2.4

cpe:2.3:a:splunk:splunk:9.2.4
Splunk » Splunk » Version: 9.2.5

cpe:2.3:a:splunk:splunk:9.2.5
Splunk » Splunk » Version: 9.2.6

cpe:2.3:a:splunk:splunk:9.2.6
Splunk » Splunk » Version: 9.2.7

cpe:2.3:a:splunk:splunk:9.2.7
Splunk » Splunk » Version: 9.2.8

cpe:2.3:a:splunk:splunk:9.2.8
Splunk » Splunk » Version: 9.3.0

cpe:2.3:a:splunk:splunk:9.3.0
Splunk » Splunk » Version: 9.3.1

cpe:2.3:a:splunk:splunk:9.3.1
Splunk » Splunk » Version: 9.3.2

cpe:2.3:a:splunk:splunk:9.3.2
Splunk » Splunk » Version: 9.3.3

cpe:2.3:a:splunk:splunk:9.3.3
Splunk » Splunk » Version: 9.3.4

cpe:2.3:a:splunk:splunk:9.3.4
Splunk » Splunk » Version: 9.3.5

cpe:2.3:a:splunk:splunk:9.3.5
Splunk » Splunk » Version: 9.3.6

cpe:2.3:a:splunk:splunk:9.3.6
Splunk » Splunk » Version: 9.4.0

cpe:2.3:a:splunk:splunk:9.4.0
Splunk » Splunk » Version: 9.4.1

cpe:2.3:a:splunk:splunk:9.4.1
Splunk » Splunk » Version: 9.4.2

cpe:2.3:a:splunk:splunk:9.4.2
Splunk » Splunk » Version: 9.4.3

cpe:2.3:a:splunk:splunk:9.4.3
Splunk » Splunk » Version: 9.4.4

cpe:2.3:a:splunk:splunk:9.4.4
Splunk » Splunk Cloud Platform » Version: 10.0.2503

cpe:2.3:a:splunk:splunk_cloud_platform:10.0.2503
Splunk » Splunk Cloud Platform » Version: 9.3.2408

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408
Splunk » Splunk Cloud Platform » Version: 9.3.2408.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.100
Splunk » Splunk Cloud Platform » Version: 9.3.2408.101

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.101
Splunk » Splunk Cloud Platform » Version: 9.3.2408.103

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.103
Splunk » Splunk Cloud Platform » Version: 9.3.2408.104

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.104
Splunk » Splunk Cloud Platform » Version: 9.3.2408.107

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.107
Splunk » Splunk Cloud Platform » Version: 9.3.2408.111

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.111
Splunk » Splunk Cloud Platform » Version: 9.3.2408.112

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.112
Splunk » Splunk Cloud Platform » Version: 9.3.2408.113

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.113
Splunk » Splunk Cloud Platform » Version: 9.3.2408.114

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.114
Splunk » Splunk Cloud Platform » Version: 9.3.2408.117

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.117
Splunk » Splunk Cloud Platform » Version: 9.3.2408.118

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.118
Splunk » Splunk Cloud Platform » Version: 9.3.2408.119

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.119
Splunk » Splunk Cloud Platform » Version: 9.3.2411

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411
Splunk » Splunk Cloud Platform » Version: 9.3.2411.102

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.102
Splunk » Splunk Cloud Platform » Version: 9.3.2411.103

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.103
Splunk » Splunk Cloud Platform » Version: 9.3.2411.104

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.104
Splunk » Splunk Cloud Platform » Version: 9.3.2411.107

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.107
Splunk » Splunk Cloud Platform » Version: 9.3.2411.108

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.108
Splunk » Splunk Cloud Platform » Version: 9.3.2411.109

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.109

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-20378

Products

Pricing

Contact Us