CVE-2025-20382

🗓️ 03 Dec 2025 17:00:21Reported by ciscoType

A low privileged user can create a dashboard with a base64 image to bypass URL warnings and redirect externally.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-20382	4 Dec 202514:50	–	circl
CNNVD	Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞	3 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-20382 URL validation bypass through Views Dashboard in Splunk Enterprise	3 Dec 202517:00	–	cvelist
EUVD	EUVD-2025-200996	3 Dec 202517:00	–	euvd
NCSC	Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform	8 Dec 202508:23	–	ncsc
NVD	CVE-2025-20382	3 Dec 202517:15	–	nvd
Positive Technologies	PT-2025-48954	3 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-20382	4 Dec 202517:16	–	redhatcve
Tenable Nessus	Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1201)	3 Dec 202500:00	–	nessus
Vulnrichment	CVE-2025-20382 URL validation bypass through Views Dashboard in Splunk Enterprise	3 Dec 202517:00	–	vulnrichment

NVD

Node

splunk splunkRange9.2.0–9.2.10enterprise

splunk splunkRange9.3.0–9.3.8enterprise

splunk splunkRange9.4.0–9.4.6enterprise

splunk splunkRange10.0.0–10.0.2enterprise

splunk splunk_cloud_platformRange9.3.2411–9.3.2411.120

splunk splunk_cloud_platformRange10.0.2503–10.0.2503.8

splunk splunk_cloud_platformRange10.1.2507–10.1.2507.10

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.2"
      },
      {
        "version": "9.4",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.4.6"
      },
      {
        "version": "9.3",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.8"
      },
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.10"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "10.1.2507",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.1.2507.10"
      },
      {
        "version": "10.0.2503",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "10.0.2503.8"
      },
      {
        "version": "9.3.2411",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2411.120"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2025-1201

05 Dec 2025 18:33Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.13.5 - 5.4

EPSS0.00027

SSVC

CWE-601