Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead to remote code execution and unauthorized access to sensitive information.
CVE-2025-20229: Remote Code Execution via Unauthorized File Upload (CVSS 8.0):
By infosecbulletin
/ Sunday , July 12 2026
Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
By infosecbulletin
/ Sunday , July 12 2026
Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
By infosecbulletin
/ Sunday , July 12 2026
A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
By infosecbulletin
/ Saturday , July 11 2026
CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
By infosecbulletin
/ Friday , July 10 2026
Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
By infosecbulletin
/ Friday , July 10 2026
A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
By infosecbulletin
/ Thursday , July 9 2026
A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
By infosecbulletin
/ Wednesday , July 8 2026
CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
By infosecbulletin
/ Wednesday , July 8 2026
A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
By infosecbulletin
/ Wednesday , July 8 2026
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CVE-2025-20229 highlights that low-privileged users can pose significant risks by enabling them to execute arbitrary code remotely through uploading malicious files to a specific server directory. The vulnerability stems from missing authorization checks in the file upload process to: $SPLUNK_HOME/var/run/splunk/apptemp.
According to the official Splunk advisory:
“A low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could perform a Remote Code Execution (RCE) through a file upload […] due to missing authorization checks.”
Impacted versions include:
Splunk Enterprise: 9.1.0 to 9.1.7, 9.2.0 to 9.2.4, 9.3.0 to 9.3.2
Splunk Cloud Platform: Various builds prior to 9.3.2408.104, 9.2.2406.108, and 9.1.2312.208
Users are advised that updates are available in Splunk Enterprise versions 9.1.8, 9.2.5, 9.3.3, and 9.4.0.