InfoSecBulletin Cybersecurity for mankind
Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead to remote code execution and unauthorized access to sensitive information.
CVE-2025-20229: Remote Code Execution via Unauthorized File Upload (CVSS 8.0):
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
CVE-2025-20229 highlights that low-privileged users can pose significant risks by enabling them to execute arbitrary code remotely through uploading malicious files to a specific server directory. The vulnerability stems from missing authorization checks in the file upload process to: $SPLUNK_HOME/var/run/splunk/apptemp.
According to the official Splunk advisory:
“A low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could perform a Remote Code Execution (RCE) through a file upload […] due to missing authorization checks.”
Impacted versions include:
Splunk Enterprise: 9.1.0 to 9.1.7, 9.2.0 to 9.2.4, 9.3.0 to 9.3.2
Splunk Cloud Platform: Various builds prior to 9.3.2408.104, 9.2.2406.108, and 9.1.2312.208
Users are advised that updates are available in Splunk Enterprise versions 9.1.8, 9.2.5, 9.3.3, and 9.4.0.
