Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code by uploading malicious files. The vulnerability impacts Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Secure Gateway app versions below 3.8.38 and 3.7.23 on Splunk Cloud Platform.

In addition to the RCE vulnerability, Splunk disclosed a separate high-severity vulnerability affecting the Splunk Secure Gateway app. This vulnerability, identified as CVE-2025-20231, could allow a low-privileged user to search using the permissions of a higher-privileged user, potentially leading to sensitive information disclosure. The Splunk Secure Gateway exposes user session and authorization tokens in clear text within the splunk_secure_gateway.log file when calling the /services/ssg/secrets REST endpoint.

To remediate the vulnerability, Splunk recommends upgrading Splunk Enterprise to versions 9.4.0, 9.3.3, 9.2.5, 9.1.8, or later. Users can disable the Splunk Secure Gateway App as a workaround, though this may impact functionality for Splunk Mobile, Spacebridge, and Mission Control users. To address this issue, Splunk advises upgrading Splunk Enterprise to versions 9.4.1, 9.3.3, 9.2.5, and 9.1.8 or later. For Splunk Cloud Platform users, Splunk is actively monitoring and patching instances. Splunk encourages customers to stay informed about security updates and apply patches promptly to protect their systems from potential exploits.
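The version thresholds above can be checked across a fleet with a short script. The following is an added example, not code from Splunk or from the article: the function names and the inventory rows are constructed, and for the 9.4 branch, where the text gives both 9.4.0 and 9.4.1, it assumes the higher release so that both CVEs are covered.

```python
# Added example: triage Splunk Enterprise and Secure Gateway app versions
# against the fixed releases named in the article.
# Assumption: the 9.4 branch uses 9.4.1 (the article lists 9.4.0 and 9.4.1).
ENTERPRISE_FIXED = {(9, 4): (9, 4, 1), (9, 3): (9, 3, 3),
                    (9, 2): (9, 2, 5), (9, 1): (9, 1, 8)}
SSG_FIXED = {(3, 8): (3, 8, 38), (3, 7): (3, 7, 23)}


def parse_version(text):
    """Turn '9.3.2' into (9, 3, 2); pad a missing patch level with 0."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts[:3])
    return nums + (0,) * (3 - len(nums))


def assess(version, fixed_by_branch):
    """Return 'patched', 'vulnerable' or 'unlisted' for one version string."""
    v = parse_version(version)
    branch = v[:2]
    if branch in fixed_by_branch:
        # Compare only against the fix for the same major.minor branch.
        return "patched" if v >= fixed_by_branch[branch] else "vulnerable"
    if branch > max(fixed_by_branch):
        return "patched"  # newer branch than any listed ("or later")
    return "unlisted"     # older branch the article does not mention


def needs_action(inventory):
    """Yield (host, component, version, status) for anything not patched."""
    for host, enterprise, ssg in inventory:
        checks = [("enterprise", enterprise, ENTERPRISE_FIXED)]
        if ssg is not None:  # None: Secure Gateway app not installed
            checks.append(("secure_gateway", ssg, SSG_FIXED))
        for component, version, table in checks:
            status = assess(version, table)
            if status != "patched":
                yield host, component, version, status


# Constructed inventory rows: (host, Enterprise version, SSG app version).
SAMPLE_INVENTORY = [
    ("sh-01", "9.3.2", "3.7.22"),
    ("idx-01", "9.4.1", None),
    ("hf-01", "9.0.9", "3.8.38"),
]

if __name__ == "__main__":
    for row in needs_action(SAMPLE_INVENTORY):
        print(*row)
```

A status of `unlisted` means the branch is older than any the article names, so the vendor advisory has to be consulted for that host.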
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Mar 2025 03:15:17 +0000