CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-20384

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This may allow them to poison, forge, or obfuscate sensitive log data through specially crafted HTTP requests, potentially impacting log integrity and detection capabilities.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.4%

CVSS Severity

CVSS v3 Score 5.3

References

https://advisory.splunk.com/advisories/SVD-2025-1203

Products affected by CVE-2025-20384

Splunk » Splunk » Version: 10.0.0

cpe:2.3:a:splunk:splunk:10.0.0
Splunk » Splunk » Version: 9.2.0

cpe:2.3:a:splunk:splunk:9.2.0
Splunk » Splunk » Version: 9.2.1

cpe:2.3:a:splunk:splunk:9.2.1
Splunk » Splunk » Version: 9.2.2

cpe:2.3:a:splunk:splunk:9.2.2
Splunk » Splunk » Version: 9.2.3

cpe:2.3:a:splunk:splunk:9.2.3
Splunk » Splunk » Version: 9.2.4

cpe:2.3:a:splunk:splunk:9.2.4
Splunk » Splunk » Version: 9.2.5

cpe:2.3:a:splunk:splunk:9.2.5
Splunk » Splunk » Version: 9.2.6

cpe:2.3:a:splunk:splunk:9.2.6
Splunk » Splunk » Version: 9.2.7

cpe:2.3:a:splunk:splunk:9.2.7
Splunk » Splunk » Version: 9.2.8

cpe:2.3:a:splunk:splunk:9.2.8
Splunk » Splunk » Version: 9.2.9

cpe:2.3:a:splunk:splunk:9.2.9
Splunk » Splunk » Version: 9.3.0

cpe:2.3:a:splunk:splunk:9.3.0
Splunk » Splunk » Version: 9.3.1

cpe:2.3:a:splunk:splunk:9.3.1
Splunk » Splunk » Version: 9.3.2

cpe:2.3:a:splunk:splunk:9.3.2
Splunk » Splunk » Version: 9.3.3

cpe:2.3:a:splunk:splunk:9.3.3
Splunk » Splunk » Version: 9.3.4

cpe:2.3:a:splunk:splunk:9.3.4
Splunk » Splunk » Version: 9.3.5

cpe:2.3:a:splunk:splunk:9.3.5
Splunk » Splunk » Version: 9.3.6

cpe:2.3:a:splunk:splunk:9.3.6
Splunk » Splunk » Version: 9.3.7

cpe:2.3:a:splunk:splunk:9.3.7
Splunk » Splunk » Version: 9.4.0

cpe:2.3:a:splunk:splunk:9.4.0
Splunk » Splunk » Version: 9.4.1

cpe:2.3:a:splunk:splunk:9.4.1
Splunk » Splunk » Version: 9.4.2

cpe:2.3:a:splunk:splunk:9.4.2
Splunk » Splunk » Version: 9.4.3

cpe:2.3:a:splunk:splunk:9.4.3
Splunk » Splunk » Version: 9.4.4

cpe:2.3:a:splunk:splunk:9.4.4
Splunk » Splunk » Version: 9.4.5

cpe:2.3:a:splunk:splunk:9.4.5
Splunk » Splunk Cloud Platform » Version: 10.0.2503

cpe:2.3:a:splunk:splunk_cloud_platform:10.0.2503
Splunk » Splunk Cloud Platform » Version: 10.0.2503.5

cpe:2.3:a:splunk:splunk_cloud_platform:10.0.2503.5
Splunk » Splunk Cloud Platform » Version: 10.1.2507

cpe:2.3:a:splunk:splunk_cloud_platform:10.1.2507
Splunk » Splunk Cloud Platform » Version: 10.1.2507.1

cpe:2.3:a:splunk:splunk_cloud_platform:10.1.2507.1
Splunk » Splunk Cloud Platform » Version: 9.3.2411

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411
Splunk » Splunk Cloud Platform » Version: 9.3.2411.102

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.102
Splunk » Splunk Cloud Platform » Version: 9.3.2411.103

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.103
Splunk » Splunk Cloud Platform » Version: 9.3.2411.104

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.104
Splunk » Splunk Cloud Platform » Version: 9.3.2411.107

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.107
Splunk » Splunk Cloud Platform » Version: 9.3.2411.108

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.108
Splunk » Splunk Cloud Platform » Version: 9.3.2411.109

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.109
Splunk » Splunk Cloud Platform » Version: 9.3.2411.111

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.111
Splunk » Splunk Cloud Platform » Version: 9.3.2411.116

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2411.116

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-20384

Products

Pricing

Contact Us