Medium severity5.4NVD Advisory· Published Dec 3, 2025· Updated Apr 15, 2026
CVE-2025-20381
CVE-2025-20381
Description
In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <0.2.4
- Range: <0.2.4
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.