InfoSecBulletin Cybersecurity for mankind
Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead to remote code execution and unauthorized access to sensitive information.
CVE-2025-20229: Remote Code Execution via Unauthorized File Upload (CVSS 8.0):
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks
Palo Alto Networks User-ID Credential Agent Vuln Exposes password In Cleartext
CyberVolk Ransomware Attacks CII In Japan, France, and UK
Microsoft warns of active directory and office vulnarability
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
CVE-2025-20229 highlights that low-privileged users can pose significant risks by enabling them to execute arbitrary code remotely through uploading malicious files to a specific server directory. The vulnerability stems from missing authorization checks in the file upload process to: $SPLUNK_HOME/var/run/splunk/apptemp.
According to the official Splunk advisory:
“A low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could perform a Remote Code Execution (RCE) through a file upload […] due to missing authorization checks.”
Impacted versions include:
Splunk Enterprise: 9.1.0 to 9.1.7, 9.2.0 to 9.2.4, 9.3.0 to 9.3.2
Splunk Cloud Platform: Various builds prior to 9.3.2408.104, 9.2.2406.108, and 9.1.2312.208
Users are advised that updates are available in Splunk Enterprise versions 9.1.8, 9.2.5, 9.3.3, and 9.4.0.
