Summary: Splunk has issued a security advisory regarding critical vulnerabilities affecting both Splunk Enterprise and Splunk Cloud Platform, which could lead to remote code execution and sensitive information disclosure. The vulnerabilities, identified as CVE-2025-20229 and CVE-2025-20231, require immediate attention through patches and upgrades. Organizations are urged to review user access controls, particularly for low-privileged users, to mitigate risks.
Affected: Splunk Enterprise, Splunk Cloud Platform
Key points:
- CVE-2025-20229 allows low-privileged users to perform remote code execution through unauthorized file uploads due to missing authorization checks.
- CVE-2025-20231 exposes user session tokens in cleartext, potentially allowing attackers to impersonate users and access sensitive data.
- Immediate upgrades to versions 9.1.8, 9.2.5, 9.3.3, and 9.4.0 for Splunk Enterprise are recommended to close the vulnerabilities.
Source: https://securityonline.info/splunk-alert-rce-and-data-leak-vulnerabilities-threaten-platforms/