Multiple Cisco Splunk Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-20387 CVSS:8

Splunk Universal Forwarder for Windows could allow a remote authenticated attacker to access the installation directory and all of its contents, caused by an incorrect permission assignment flaw on the Universal Forwarder for Windows installation directory.
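As an added check (not code from the Rewterz advisory or from Splunk), the PowerShell below audits a Universal Forwarder for Windows installation directory for access-control entries that grant broad principals write-level rights, the weakness class described for CVE-2025-20387. The installation path is a placeholder to be replaced with the real one, and the list of "broad" principals is an assumption about what a hardened install should not grant.

```powershell
# Added example: flag ACEs on the UF install tree that give broad principals write access.
# $InstallDir is a placeholder; set it to the actual installation directory.
$InstallDir = 'C:\PLACEHOLDER\SplunkUniversalForwarder'

# Assumed set of principals that should never hold write/modify rights on the install tree
$broadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a low-privileged account alter binaries, configuration, or the ACL itself
$writeRights  = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, Delete, ChangePermissions, TakeOwnership'
$genericWrite = 0x40000000   # GENERIC_WRITE, shows up as a raw bit on some inherited ACEs
$genericAll   = 0x10000000   # GENERIC_ALL
$weakMask     = [int]$writeRights -bor $genericWrite -bor $genericAll

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        # FileSystemRights is an Int32-backed enum; compare raw bits so generic rights are caught
        if (([int]$ace.FileSystemRights -band $weakMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Audit the root directory and everything beneath it (hidden items included)
$targets  = @(Get-Item -LiteralPath $InstallDir) +
            @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue)
$findings = @($targets | ForEach-Object { Get-WeakAce -Path $_.FullName })

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "$($findings.Count) weak ACE(s) found under $InstallDir; apply the vendor fix and tighten the ACL."
} else {
    "No broad-principal write access found under $InstallDir"
}
```

Run the script elevated so every subdirectory's ACL can be read; entries with Inherited = True usually point at an over-permissive parent directory rather than the file itself.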

CVE-2025-20381 CVSS:5.4

Splunk MCP Server could allow a remote authenticated attacker to bypass the SPL command allowlist controls in Model Context Protocol (MCP), caused by a flaw when embedding SPL commands as sub-searches.

CVE-2025-20385 CVSS:2.4

Splunk Enterprise and Splunk Cloud Platform are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the href attribute of an anchor tag within a collection in the navigation bar.

CVE-2025-20386 CVSS:8

Splunk Enterprise could allow a remote authenticated attacker to access the directory and all its contents, caused by an incorrect permission assignment flaw.

CVE-2025-20388 CVSS:2.7

Splunk Enterprise and Splunk Cloud Platform are vulnerable to server-side request forgery, caused by a flaw in Distributed Search Peers.

CVE-2025-20389 CVSS:4.3

Splunk Enterprise and Splunk Cloud Platform are vulnerable to a denial of service, caused by improper validation of the label column field.

CVE-2025-20384 CVSS:5.3

Splunk Enterprise and Splunk Cloud Platform could allow a remote attacker to poison, forge, or obfuscate sensitive log data, caused by improper input validation by the /en-US/static/ web endpoint.

CVE-2025-20382 CVSS:3.5

Splunk Enterprise and Splunk Cloud Platform could allow a remote authenticated attacker to conduct phishing attacks, caused by an open redirect vulnerability when creating a views dashboard with a custom background using the data:image/png;base64 protocol.

CVE-2025-20383 CVSS:4.3

Splunk Enterprise and Splunk Cloud Platform could allow a remote authenticated attacker to obtain the title and description of reports or alerts, caused by improper access control in push notifications.

Impact

  • Denial of Service
  • Gain Access
  • Security Bypass
  • Cross-Site Scripting
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2025-20387
  • CVE-2025-20381
  • CVE-2025-20385
  • CVE-2025-20386
  • CVE-2025-20388
  • CVE-2025-20389
  • CVE-2025-20384
  • CVE-2025-20382
  • CVE-2025-20383

Affected Vendors

  • Cisco

Affected Products

  • Splunk Universal Forwarder for Windows 10.0
  • Splunk Universal Forwarder for Windows 9.4
  • Splunk Universal Forwarder for Windows 9.3
  • Splunk Universal Forwarder for Windows 9.2
  • Splunk MCP Server 0.2
  • Splunk Enterprise 10.0
  • Splunk Enterprise 9.4
  • Splunk Enterprise 9.3
  • Splunk Enterprise 9.2
  • Splunk Cloud Platform 10.1.2507
  • Splunk Cloud Platform 10.0.2503
  • Splunk Cloud Platform 9.3.2411
  • Splunk Secure Gateway 3.9
  • Splunk Secure Gateway 3.8
  • Splunk Secure Gateway 3.7

Remediation

Refer to the Cisco Splunk security advisories for patch, upgrade, or suggested workaround information.

  • CVE-2025-20387
  • CVE-2025-20381
  • CVE-2025-20385
  • CVE-2025-20386
  • CVE-2025-20388
  • CVE-2025-20389
  • CVE-2025-20384
  • CVE-2025-20382
  • CVE-2025-20383