CVE-2025-20378
CVE-2025-20378 affects Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9 and Splunk Cloud Platform below 10.0.2503.5, 9.3.2411.111, 9.3.2408.121. An unauthenticated attacker can craft a malicious URL using the return_to parameter of the Splunk Web login endpoint; when an authenticated ...