Advisory ID: SVD-2025-1210
CVE ID: CVE-2025-20381
Published: 2025-12-03
Last Update: 2025-12-03
CVSSv3.1 Score: 5.4, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CWE: CWE-863
Bug ID: VULN-41183

Description: In Splunk MCP Server app versions below 0.2.4, a user with access to the “run_splunk_query” Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions.

Solution: Upgrade Splunk MCP Server to version 0.2.4 or higher. See Splunk MCP Server releases.

Product Status:

Mitigations and Workarounds: Turn off the Splunk MCP Server app. See Manage app and add-on objects.

Detections: None

Severity: Splunk rates this vulnerability a 5.4, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. If you do not use the Splunk MCP Server, then there should be no impact and the severity would be Informational.
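
The sub-search bypass named in the Description, as an added example (not code from Splunk or the MCP Server app): a hypothetical pipe-splitting allowlist check beside one that validates the command of every pipeline stage, including bracketed sub-searches. The allowlist, function names and sample query are constructed for illustration, and the code assumes each query spells out its leading command.

```python
import re

# Constructed allowlist for illustration; not the app's real list.
ALLOWED = {"search", "stats", "table", "head"}
WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def naive_check(spl):
    """Weak form (hypothetical): checks the first word of each pipe-separated stage."""
    stages = [s.split() for s in spl.split("|") if s.strip()]
    return bool(stages) and all(s[0].lower() in ALLOWED for s in stages)

def commands_at_all_depths(spl):
    """Return (depth, command) for every pipeline stage, sub-searches included."""
    found, depth, expect, i, n = [], 0, True, 0, len(spl)
    while i < n:
        ch = spl[i]
        if expect and not ch.isspace() and ch not in "|[":
            m = WORD.match(spl, i)
            # A non-word token in command position is recorded and later rejected.
            found.append((depth, m.group(0).lower() if m else ch))
            expect = False
            if m:
                i = m.end()
                continue
        if ch == '"':  # skip quoted text so brackets inside strings are ignored
            i += 1
            while i < n and spl[i] != '"':
                i += 2 if spl[i] == "\\" else 1
            if i >= n:
                raise ValueError("unterminated quote")
        elif ch == "[":  # a sub-search opens a new pipeline
            depth, expect = depth + 1, True
        elif ch == "]":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced brackets")
        elif ch == "|":
            expect = True
        i += 1
    if depth:
        raise ValueError("unbalanced brackets")
    return found

def strict_check(spl):
    """Hardened form: every command at every nesting depth must be allowlisted."""
    try:
        cmds = commands_at_all_depths(spl)
    except ValueError:
        return False  # fail closed on malformed queries
    return bool(cmds) and all(cmd in ALLOWED for _, cmd in cmds)

NESTED = "search index=web [ inputlookup assets.csv | table host ]"  # constructed sample
```

On the constructed `NESTED` query the pipe-splitting check passes because the command that directly follows `[` is never the first word of a stage, while the depth-aware check rejects it.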