InfoSecBulletin Cybersecurity for mankind
Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead to remote code execution and unauthorized access to sensitive information.
CVE-2025-20229: Remote Code Execution via Unauthorized File Upload (CVSS 8.0):
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets
CVE-2025-20229 highlights that low-privileged users can pose significant risks by enabling them to execute arbitrary code remotely through uploading malicious files to a specific server directory. The vulnerability stems from missing authorization checks in the file upload process to: $SPLUNK_HOME/var/run/splunk/apptemp.
According to the official Splunk advisory:
“A low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could perform a Remote Code Execution (RCE) through a file upload […] due to missing authorization checks.”
Impacted versions include:
Splunk Enterprise: 9.1.0 to 9.1.7, 9.2.0 to 9.2.4, 9.3.0 to 9.3.2
Splunk Cloud Platform: Various builds prior to 9.3.2408.104, 9.2.2406.108, and 9.1.2312.208
Users are advised that updates are available in Splunk Enterprise versions 9.1.8, 9.2.5, 9.3.3, and 9.4.0.
