Skip to main content

Open Redirect CVE-2025-20378

LOW
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2025-11-12 psirt@cisco.com
Open Redirect Splunk Splunk Cloud Platform
3.1
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.1 LOW
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:21 vuln.today
CVE Published
Nov 12, 2025 - 18:15 nvd
LOW 3.1

DescriptionCVE.org

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the return_to parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will.

AnalysisAI

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Open Redirect (CWE-601), which allows attackers to redirect users to malicious websites via URL manipulation. In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the return_to parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To be successful, the attacker has to trick the victim into initiating a request from their browser. The unauthenticated attacker should not be able to exploit the vulnerability at will. Affected products include: Splunk, Splunk Splunk Cloud Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate redirect destinations against an allowlist, avoid using user input in redirect URLs.

More from same product – last 7 days

CVE-2026-48856 HIGH
7.1 Jun 10

Credential leakage in Erlang/OTP's inets httpc client (versions 17.0 through 29.0.2, 28.5.0.2, and 27.3.4.13) allows att
CVE-2026-41706 MEDIUM
6.1 Jun 10

Open redirect in Spring Security's cookie-based saved-request components allows remote unauthenticated attackers to redi
CVE-2026-11477 LOW POC
2.1 Jun 08

Open redirect in hs-web hsweb-framework's OAuth2Client component (versions up to 5.0.1) allows remote unauthenticated at
CVE-2026-41008 MEDIUM
6.1 Jun 10

Spring Authorization Server's authorization endpoint fails to adequately validate the OAuth2/OIDC `request_uri` paramete
CVE-2026-21826 MEDIUM
6.1 Jun 05

Host header injection in HCL Digital Experience and HCL Digital Experience Compose enables unauthenticated remote attack

Share

CVE-2025-20378 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy