PT-2025-46679 · Splunk · Splunk Cloud Platform, Splunk Enterprise

Diogo Real · Published 2025-11-12 · Updated 2025-12-04 · CVE-2025-20378

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 10.0.1, 9.4.5, 9.3.7, and 9.2.9
Splunk Cloud Platform versions prior to 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121
Description
An unauthenticated attacker could construct a malicious URL using the return_to parameter of the Splunk Web login endpoint. If an authenticated user accesses this URL, it may result in an unvalidated redirect to a malicious external site. Successful exploitation requires the attacker to deceive the victim into initiating a request from their browser; the attacker cannot exploit the issue without user interaction.
Recommendations
Splunk Enterprise versions prior to 10.0.1 should be updated to version 10.0.1 or later.
Splunk Enterprise versions prior to 9.4.5 should be updated to version 9.4.5 or later.
Splunk Enterprise versions prior to 9.3.7 should be updated to version 9.3.7 or later.
Splunk Enterprise versions prior to 9.2.9 should be updated to version 9.2.9 or later.
Splunk Cloud Platform versions prior to 10.0.2503.5 should be updated to version 10.0.2503.5 or later.
Splunk Cloud Platform versions prior to 9.3.2411.111 should be updated to version 9.3.2411.111 or later.
Splunk Cloud Platform versions prior to 9.3.2408.121 should be updated to version 9.3.2408.121 or later.
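The defect class described above (an echoed post-login redirect target) is prevented by allow-listing the target to a same-origin path rather than validating it loosely. The following added example is not Splunk's code: the default landing path, the hostnames and the sample values are constructed, and it shows how protocol-relative, backslash and percent-encoded variants of an external target are all rejected.

```python
from urllib.parse import urlsplit, unquote

# Constructed default landing page used whenever the supplied value is rejected.
DEFAULT_LANDING = "/app/launcher/home"


def is_safe_return_to(value: str) -> bool:
    """Return True only for a relative, same-origin, path-only target.

    Anything that could make the browser leave the origin is rejected:
    absolute URLs, scheme-prefixed values, protocol-relative "//host",
    backslash variants browsers normalise to "/", and control characters
    that some parsers silently strip before interpreting the value.
    """
    if not value or len(value) > 2048:
        return False
    # Reject control characters and whitespace (including tab/newline tricks).
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return False
    # Decode once so "%2F%2Fhost" is judged the same way as "//host".
    decoded = unquote(value)
    # Must be an absolute path on this origin: exactly one leading "/".
    if not decoded.startswith("/") or decoded.startswith(("//", "/\\")):
        return False
    # Normalise backslashes as browsers do, then confirm nothing parses
    # as a scheme or authority component.
    parts = urlsplit(decoded.replace("\\", "/"))
    if parts.scheme or parts.netloc:
        return False
    return True


def resolve_return_to(value: str) -> str:
    """Pick the post-login destination: the validated value or the fixed default."""
    return value if is_safe_return_to(value) else DEFAULT_LANDING


if __name__ == "__main__":
    # Constructed samples: one legitimate same-origin path, several external targets.
    for sample in ["/app/search/search?q=index%3Dmain",
                   "https://redirect-target.example/",
                   "//redirect-target.example/",
                   "/\\redirect-target.example",
                   "%2F%2Fredirect-target.example"]:
        print(f"{sample!r:45} -> {resolve_return_to(sample)}")
```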

Fix

Weakness Enumeration
Open Redirect

Related Identifiers
BDU:2025-16047
CVE-2025-20378

Affected Products
Splunk Cloud Platform
Splunk Enterprise