Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload

Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability impacts Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Secure Gateway app versions below 3.8.38 and 3.7.23 on Splunk Cloud Platform. The Splunk Secure Gateway exposes user session and authorization tokens in clear text within the splunk_secure_gateway.log file when calling the /services/ssg/secrets REST endpoint. In addition to the RCE vulnerability, Splunk disclosed a separate high-severity vulnerability affecting the Splunk Secure Gateway app. To remediate the vulnerability, Splunk recommends upgrading Splunk Enterprise to versions 9.4.0, 9.3.3, 9.2.5, 9.1.8, or later. Users can disable the Splunk Secure Gateway App as a workaround, though this may impact functionality for Splunk Mobile, Spacebridge, and Mission Control users. Splunk encourages customers to stay informed about security updates and apply patches promptly to protect their systems from potential exploits. For Splunk Cloud Platform users, Splunk is actively monitoring and patching instances. To address this issue, Splunk advises upgrading Splunk Enterprise to versions 9.4.1, 9.3.3, 9.2.5, and 9.1.8 or later. Splunk is also actively patching Splunk Cloud Platform instances. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The vulnerability, identified as CVE-2025-20229, could allow a low-privileged user to execute arbitrary code by uploading malicious files. This vulnerability, identified as CVE-2025-20231, could allow a low-privileged user to search using the permissions of a higher-privileged user, potentially leading to sensitive information disclosure.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Mar 2025 03:15:17 +0000


Cyber News related to Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload

Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload - Splunk has released patches to address a high-severity Remote Code Execution (RCE) vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. The vulnerability impacts Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and ...
3 days ago Cybersecuritynews.com CVE-2025-20229
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
8 months ago Securityweek.com CVE-2024-36985 CVE-2024-36984
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
8 months ago Packetstormsecurity.com CVE-2024-36985 CVE-2024-36984
CVE-2022-32152 - Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured ...
2 years ago
CVE-2022-32153 - Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured ...
2 years ago
CVE-2022-32151 - The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform ...
2 years ago
CVE-2022-32156 - In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure ...
2 years ago
CVE-2016-4858 - Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk ...
7 years ago
CVE-2016-4859 - Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk ...
7 years ago
Cisco Completes $28 Billion Acquisition of Splunk - Cisco on Monday completed its $28 billion acquisition of Splunk. The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023. Cisco plans to ...
1 year ago Securityweek.com
From the SIEM to the Lake: Bridging the Gap for Splunk Customers Post-Acquisition - The smoke has cleared on Cisco's largest acquisition ever: that of Splunk for $28 billion in September. This acquisition has added a new layer of uncertainty for users, many of which were already wondering what the future holds for threat detection ...
1 year ago Cyberdefensemagazine.com
CVE-2024-45736 - In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could ...
5 months ago
Panther Labs introduces Security Data Lake Search and Splunk Integration capabilities - These offerings mark a critical leap forward in managing security risks in today's cloud-first landscape. As organizations race to implement machine learning capabilities, they're increasingly reliant on decentralized, cloud-based data stores and ...
1 year ago Helpnetsecurity.com
Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com
Inspiring Innovation at Cisco Live Las Vegas 2024 - Being in the technology industry means we've all had a front-row seat to witness tectonic shifts such as the inception of the internet and now Cisco will impact that level of change again. To assist you in this journey at Cisco Live, and beyond, is ...
9 months ago Feedpress.me Inception
CVE-2023-4571 - In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application ...
1 year ago
CVE-2023-32712 - In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at ...
1 year ago
CVE-2024-45734 - In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk ...
5 months ago
Cisco Routers Exposed to Remote Code Execution (RCE) Attacks: How to Protect Your Network - Protecting networks from remote code execution (RCE) attacks is now more important than ever, as thousands of end-of-life Cisco routers are exposed to these vulnerabilities. On June 10, 2020 research revealed that over 19,000 Cisco devices were still ...
2 years ago Bleepingcomputer.com
CVE-2021-3422 - The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before ...
1 year ago
CVE-2024-45735 - In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles ...
5 months ago
CVE-2024-53243 - In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles ...
3 months ago Tenable.com
Splunk Joins Cisco: Our Partner Ecosystems Just Got Even Stronger - We're looking forward to this exciting new chapter of our journey together - and it couldn't have come at a better time. In today's digital world, organizations need to connect the people, places, apps, data, and devices that power their business, ...
1 year ago Feedpress.me
CVE-2025-20230 - In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles ...
2 days ago
CVE-2025-20229 - In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" ...
3 days ago

Latest Cyber News


Cyber Trends (last 7 days)