Cross-Site Scripting Issue in Splunk Enterprise and Splunk Cloud Platform
CVE-2025-20385

2.4LOW

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 3 December 2025

What is CVE-2025-20385?

A cross-site scripting vulnerability exists in Splunk Enterprise and Splunk Cloud Platform versions preceding specified updates. Users with elevated privileges can manipulate navigation elements to inject malicious scripts, which execute in the browsers of unsuspecting users, potentially compromising user data and security.

Affected Version(s)

Splunk Cloud Platform 10.1.2507 < 10.1.2507.6

Splunk Cloud Platform 10.0.2503 < 10.0.2503.7

Splunk Cloud Platform 9.3.2411 < 9.3.2411.117

References

https://advisory.splunk.com/advisories/SVD-2025-1204

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Dr. Oliver Matula, DB Systel GmbH

JSON