CVE-2025-20379

🗓️ 12 Nov 2025 17:23:00Reported by ciscoType

cve🔗 web.nvd.nist.gov👁 7 Views🌐 WEB

Low-privileged user bypasses safeguards via search endpoint with encoded queries; phishing required.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-20379	12 Nov 202518:20	–	circl
CNNVD	Splunk Cloud Platform和Splunk Enterprise 信息泄露漏洞	12 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise	12 Nov 202517:23	–	cvelist
EUVD	EUVD-2025-131964	12 Nov 202517:23	–	euvd
NVD	CVE-2025-20379	12 Nov 202518:15	–	nvd
Positive Technologies	PT-2025-46680	12 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-20379	13 Nov 202518:00	–	redhatcve
Tenable Nessus	Splunk Enterprise 9.2.0 < 9.2.9, 9.3.0 < 9.3.7, 9.4.0 < 9.4.5, 10.0.0 < 10.0.1 (SVD-2025-1102)	12 Nov 202500:00	–	nessus
Vulnrichment	CVE-2025-20379 Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise	12 Nov 202517:23	–	vulnrichment

NVD

Node

splunk splunkRange9.2.0–9.2.9enterprise

splunk splunkRange9.3.0–9.3.7enterprise

splunk splunkRange9.4.0–9.4.5enterprise

splunk splunkMatch10.0.0enterprise

splunk splunk_cloud_platformRange9.3.2408–9.3.2408.124

splunk splunk_cloud_platformRange9.3.2411–9.3.2411.116

splunk splunk_cloud_platformRange10.0.2503–10.0.2503.5

splunk splunk_cloud_platformRange10.1.2507–10.1.2507.1

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.1"
      },
      {
        "version": "9.4",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.4.5"
      },
      {
        "version": "9.3",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.7"
      },
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.9"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.3.2411",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2411.116"
      },
      {
        "version": "9.3.2408",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2408.124"
      },
      {
        "version": "10.0.2503",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.2503.5"
      },
      {
        "version": "10.1.2507",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.1.2507.1"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2025-1102

Parameter	Position	Path	Description	CWE
q	query param	services/streams/search	Low-privileged user can bypass SPL safeguards for risky commands by exploiting character encoding in the REST path of /services/streams/search to run a risky command via the q parameter.	CWE-200

03 Dec 2025 21:41Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.13.5

EPSS0.00027

SSVC

CWE-200