Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload

Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability impacts Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Secure Gateway app versions below 3.8.38 and 3.7.23 on Splunk Cloud Platform. The Splunk Secure Gateway exposes user session and authorization tokens in clear text within the splunk_secure_gateway.log file when calling the /services/ssg/secrets REST endpoint. In addition to the RCE vulnerability, Splunk disclosed a separate high-severity vulnerability affecting the Splunk Secure Gateway app. To remediate the vulnerability, Splunk recommends upgrading Splunk Enterprise to versions 9.4.0, 9.3.3, 9.2.5, 9.1.8, or later. Users can disable the Splunk Secure Gateway App as a workaround, though this may impact functionality for Splunk Mobile, Spacebridge, and Mission Control users. Splunk encourages customers to stay informed about security updates and apply patches promptly to protect their systems from potential exploits. For Splunk Cloud Platform users, Splunk is actively monitoring and patching instances. To address this issue, Splunk advises upgrading Splunk Enterprise to versions 9.4.1, 9.3.3, 9.2.5, and 9.1.8 or later. Splunk is also actively patching Splunk Cloud Platform instances. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code by uploading malicious files. This vulnerability, identified as CVE-2025-20231, could allow a low-privileged user to search using the permissions of a higher-privileged user, potentially leading to sensitive information disclosure.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Mar 2025 03:15:17 +0000

Cyber News related to Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload

Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload - Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability impacts Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and ...
5 months ago Cybersecuritynews.com CVE-2025-20229

Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
1 year ago Securityweek.com CVE-2024-36985 CVE-2024-36984

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2025-20325 - In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster ...
1 month ago

CVE-2022-32152 - Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured ...
3 years ago

CVE-2022-32153 - Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured ...
3 years ago

CVE-2022-32151 - The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform ...
3 years ago

CVE-2022-32156 - In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure ...
2 years ago

CVE-2016-4858 - Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk ...
8 years ago

CVE-2016-4859 - Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk ...
8 years ago

Cisco Completes $28 Billion Acquisition of Splunk - Cisco on Monday completed its $28 billion acquisition of Splunk. The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023. Cisco plans to ...
1 year ago Securityweek.com

From the SIEM to the Lake: Bridging the Gap for Splunk Customers Post-Acquisition - The smoke has cleared on Cisco's largest acquisition ever: that of Splunk for $28 billion in September. This acquisition has added a new layer of uncertainty for users, many of which were already wondering what the future holds for threat detection ...
1 year ago Cyberdefensemagazine.com

CVE-2024-45736 - In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could ...
10 months ago

CVE-2025-20319 - In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user ...
1 month ago

CVE-2025-20324 - In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles ...
1 month ago

Panther Labs introduces Security Data Lake Search and Splunk Integration capabilities - These offerings mark a critical leap forward in managing security risks in today's cloud-first landscape. As organizations race to implement machine learning capabilities, they're increasingly reliant on decentralized, cloud-based data stores and ...
1 year ago Helpnetsecurity.com

Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com

Inspiring Innovation at Cisco Live Las Vegas 2024 - Being in the technology industry means we've all had a front-row seat to witness tectonic shifts such as the inception of the internet and now Cisco will impact that level of change again. To assist you in this journey at Cisco Live, and beyond, is ...
1 year ago Feedpress.me Inception

CVE-2023-4571 - In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application ...
1 year ago

CVE-2023-32712 - In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at ...
2 years ago

CVE-2024-45734 - In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk ...
10 months ago

Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
2 years ago Bleepingcomputer.com

CVE-2021-3422 - The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before ...
1 year ago

CVE-2025-20229 - In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" ...
5 months ago

CVE-2024-45735 - In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles ...
10 months ago