{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:42:23.829","vulnerabilities":[{"cve":{"id":"CVE-2025-20385","sourceIdentifier":"psirt@cisco.com","published":"2025-12-03T17:15:50.910","lastModified":"2025-12-05T18:13:10.887","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability `admin_all_objects` could craft a malicious payload through the href attribute of an anchor tag within a collection in the navigation bar, which could result in execution of unauthorized JavaScript code in the browser of a user."},{"lang":"es","value":"En las versiones de Splunk Enterprise anteriores a 10.0.2, 9.4.6, 9.3.8 y 9.2.10, y en las versiones de Splunk Cloud Platform anteriores a 10.1.2507.6, 10.0.2503.7 y 9.3.2411.117, un usuario que posee un rol con una capacidad de alto privilegio 'admin_all_objects' podría crear una carga útil maliciosa a través del atributo href de una etiqueta de anclaje dentro de una colección en la barra de navegación, lo que podría resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.2.0","versionEndExcluding":"9.2.10","matchCriteriaId":"AE8BF109-2B9C-4C50-AC9F-10A45456FD75"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"9.3.8","matchCriteriaId":"05D6973D-D965-42D3-8320-AF4A4B424E6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.4.0","versionEndExcluding":"9.4.6","matchCriteriaId":"8571F470-6AE1-4737-B1FA-49121E426AF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.2","matchCriteriaId":"4413D4BE-F225-4C28-B401-EB46D8F34160"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.2411","versionEndExcluding":"9.3.2411.117","matchCriteriaId":"055D722F-3C2C-45FF-B44F-FD73820F2A78"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.2503","versionEndExcluding":"10.0.2503.7","matchCriteriaId":"B89283BD-7B81-43D8-84D3-0D9B744E5824"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.2507","versionEndExcluding":"10.1.2507.6","matchCriteriaId":"C54FA9B3-9E2A-4D99-8432-C39D3EC79507"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2025-1204","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}