vulnerability
Splunk: CVE-2025-20385: Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:M/C:P/I:N/A:N) | Dec 3, 2025 | Dec 4, 2025 | Dec 4, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:M/C:P/I:N/A:N)
Published
Dec 3, 2025
Added
Dec 4, 2025
Modified
Dec 4, 2025
Description
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capabilityadmin_all_objectscould craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user.SeeDefine roles on the Splunk platform with capabilitiesandhttps://dev.splunk.com/enterprise/docs/developapps/createapps/addnavsplunkapp/
Solution
splunk-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.