PT-2025-48954 · Splunk · Splunk Cloud Platform+1
Anton · Published 2025-12-03 · Updated 2025-12-05 · CVE-2025-20382
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10
Splunk Cloud Platform versions prior to 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120

Description
A user with limited privileges, lacking administrator or power roles, can create a views dashboard with a custom background image using the data:image/png;base64 protocol. This can lead to an unvalidated redirect, bypassing Splunk’s external URL warning mechanism and potentially redirecting a user to a malicious website. Exploitation requires an attacker to phish a victim into initiating a request within their browser. The authenticated user cannot independently exploit this issue. The vulnerability involves crafting a URL to achieve the redirection.
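As an added illustration of the weakness class described above (this is not Splunk's code and does not claim to show how Splunk's warning mechanism is implemented), the following classifier treats a dashboard background-image reference as safe inline content only when it is exactly data:image/png;base64 with a payload that decodes to PNG bytes; every other target is either same-origin, routed to the external-URL warning, or rejected outright. The hostname splunk.example.internal and the sample references are constructed assumptions.

```python
import base64
import re
from urllib.parse import urlsplit

# Constructed example, not Splunk's code: strict handling of the target of a
# dashboard background-image reference so that a data: URL cannot be used to
# slip past the "external URL" warning with anything other than an inline PNG.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
MAX_INLINE_BYTES = 2 * 1024 * 1024
OWN_HOST = "splunk.example.internal"  # assumed hostname of the web UI
# Exact shape required: only the base64 parameter, strict alphabet, no whitespace.
_INLINE_PNG = re.compile(r"data:image/png;base64,([A-Za-z0-9+/]+={0,2})")

# Constructed sample: a base64 payload that really starts with PNG bytes.
GOOD_PNG_REF = "data:image/png;base64," + base64.b64encode(
    PNG_MAGIC + b"\x00\x00\x00\rIHDR").decode()


def classify_background(ref: str) -> str:
    """Return 'inline-png', 'same-origin', 'external' (show warning) or 'reject'."""
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in ref):
        return "reject"            # control characters never belong in a reference
    parts = urlsplit(ref)
    scheme = parts.scheme.lower()
    if scheme == "data":
        m = _INLINE_PNG.fullmatch(ref)
        if not m:
            return "reject"        # other media types, extra parameters, bad chars
        try:
            payload = base64.b64decode(m.group(1), validate=True)
        except ValueError:         # binascii.Error is a ValueError subclass
            return "reject"
        if len(payload) > MAX_INLINE_BYTES or not payload.startswith(PNG_MAGIC):
            return "reject"        # base64 that does not decode to a PNG image
        return "inline-png"
    if scheme in ("http", "https"):
        host = (parts.hostname or "").lower()
        return "same-origin" if host == OWN_HOST else "external"
    if scheme == "":
        # protocol-relative "//host/path" still leaves the origin; plain paths stay home
        return "external" if parts.netloc else "same-origin"
    return "reject"                # javascript:, file:, vbscript: and anything else


if __name__ == "__main__":
    for sample in (GOOD_PNG_REF[:40] + "...", "/static/bg.png",
                   "//attacker.example/bg.png", "data:text/html;base64,PGI+"):
        print(f"{sample!r:48} -> {classify_background(sample)}")
```

The "external" result is the point at which the warning interstitial belongs; a data: URL never reaches it, because it is either a verified inline PNG or rejected.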
Recommendations
Update Splunk Enterprise to version 10.0.2 or later.
Update Splunk Enterprise to version 9.4.6 or later.
Update Splunk Enterprise to version 9.3.8 or later.
Update Splunk Enterprise to version 9.2.10 or later.
Update Splunk Cloud Platform to version 10.1.2507.10 or later.
Update Splunk Cloud Platform to version 10.0.2503.8 or later.
Update Splunk Cloud Platform to version 9.3.2411.120 or later.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2025-16294
CVE-2025-20382

Affected Products

Splunk Cloud Platform
Splunk Enterprise