CVE-2025-20384

MEDIUM

Splunk <10.0.1-9.2.10 - Info Disclosure

Title source: llm

Description

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files due to improper validation at the /en-US/static/ web endpoint. This may allow them to poison, forge, or obfuscate sensitive log data through specially crafted HTTP requests, potentially impacting log integrity and detection capabilities.

Exploits (1)

nomisec WORKING POC

by Axselll · poc

https://github.com/Axselll/CVE-2025-20384

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://advisory.splunk.com/advisories/SVD-2025-1203

Scores

CVSS v3 5.3

EPSS 0.0010

EPSS Percentile 26.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-117

Status published

Products (3)

splunk/splunk 10.0.0

splunk/splunk 9.2.0 - 9.2.10

splunk/splunk_cloud_platform 9.3.2411 - 9.3.2411.117

Published Dec 03, 2025

Tracked Since Feb 18, 2026