Unvalidated Redirect Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2025-20382
3.5 LOW
Key Information:
- Vendor: Splunk
- CVE Published: 3 December 2025
What is CVE-2025-20382?
In various versions of Splunk Enterprise and Splunk Cloud Platform, a low-privileged user can create a views dashboard with a custom background that uses base64-encoded data. This can lead to an unvalidated redirect that evades the Splunk external URL warning system. Exploitation requires phishing: the attacker must convince an authenticated user to request the crafted URL, which can then direct them to a malicious site.
Affected Version(s)
Splunk Cloud Platform 10.1.2507 < 10.1.2507.10
Splunk Cloud Platform 10.0.2503 < 10.0.2503.8
Splunk Cloud Platform 9.3.2411 < 9.3.2411.120
CVSS V3.1
Score: 3.5
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Anton (therceman)