Security Advisory

CVE-2025-20381

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-03 17:00:25

Last updated 2025-12-03 21:29:51

Assigner cisco

State PUBLISHED

Description

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions.

← Browse all CVEs View on cve.org ↗