CVE-2025-20384

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125

Description An unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This can allow an attacker to manipulate, create, or hide sensitive log data using specifically designed HTTP requests, potentially affecting the reliability of logs and the ability to detect security events.

Recommendations Update Splunk Enterprise to version 10.0.1 or later. Update Splunk Enterprise to version 9.4.6 or later. Update Splunk Enterprise to version 9.3.8 or later. Update Splunk Enterprise to version 9.2.10 or later. Update Splunk Cloud Platform to version 10.1.2507.4 or later. Update Splunk Cloud Platform to version 10.0.2503.6 or later. Update Splunk Cloud Platform to version 9.3.2411.117.125 or later.