- 69/2025
- High
Splunk has released security updates to fix multiple vulnerabilities affecting several Splunk products and third-party components.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, gain elevated privileges, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Code Execution Vulnerability through File Upload in Splunk Enterprise (CVE-2025-20229):
- CVSS: 8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Access
2. Information Disclosure Vulnerability in Splunk Secure Gateway App (CVE2025-20231):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Consequences: Obtain Information
Sample of the affected products:
- Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8.
- Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208.
- Splunk Secure Gateway app on Splunk Cloud Platform versions below 3.8.38 and 3.7.23.
Vulnerabilities
- CVE-2025-20233
- CVE-2025-20232
- CVE-2025-20231
- CVE-2025-20230
- CVE-2025-20229
- CVE-2025-20228
- CVE-2025-20227
- CVE-2025-20226
- CVE-2025-22621
- CVE-2025-0367
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.