CVE-2025-20385

03.12.2025, 17:15

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.4 LOW	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
cisco	CNA	2.4 LOW				CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Vendor	Product	Version
splunk	splunk	9.2.0 ≤ 𝑥 < 9.2.10
splunk	splunk	9.3.0 ≤ 𝑥 < 9.3.8
splunk	splunk	9.4.0 ≤ 𝑥 < 9.4.6
splunk	splunk	10.0.0 ≤ 𝑥 < 10.0.2
splunk	splunk_cloud_platform	9.3.2411 ≤ 𝑥 < 9.3.2411.117
splunk	splunk_cloud_platform	10.0.2503 ≤ 𝑥 < 10.0.2503.7
splunk	splunk_cloud_platform	10.1.2507 ≤ 𝑥 < 10.1.2507.6

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://advisory.splunk.com/advisories/SVD-2025-1204