Unauthenticated Redirect Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2025-20378

3.1LOW

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-20378?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, an unauthenticated attacker could exploit a flaw in the return_to parameter of the login endpoint. By crafting a malicious URL, the attacker could lead authenticated users to an unvalidated redirect to a potentially harmful external site. Exploitation relies on tricking users into clicking the malicious link, requiring social engineering rather than direct attack methods.

Affected Version(s)

Splunk Cloud Platform 10.0.2503 < 10.0.2503.5

Splunk Cloud Platform 9.3.2411 < 9.3.2411.111

Splunk Cloud Platform 9.3.2408 < 9.3.2408.121

References

https://advisory.splunk.com/advisories/SVD-2025-1101

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Diogo Real (c0rte)

JSON