Summary: Splunk has released patches addressing multiple vulnerabilities in its products, including high-severity flaws in Splunk Enterprise and the Secure Gateway App. The updates notably fix a remote code execution vulnerability that could be exploited by low-privileged users and an information disclosure issue related to user session tokens. Users are encouraged to update their instances as soon as possible to mitigate these risks.
Affected: Splunk Enterprise, Splunk Secure Gateway App, Splunk Cloud Platform
Keypoints :
- Fixes include a remote code execution vulnerability (CVE-2025-20229) allowing upload of malicious files, with a CVSS score of 8.0.
- Information disclosure flaw that exposes user session tokens in clear text, potentially allowing phishing attacks.
- Medium- and low-severity vulnerabilities affecting other Splunk applications also addressed; users advised to update promptly.
Source: https://www.securityweek.com/splunk-patches-dozens-of-vulnerabilities/