Splunk recently issued a security advisory detailing multiple high-severity vulnerabilities affecting Splunk Enterprise, Splunk Cloud Platform, and Splunk Secure Gateway. These vulnerabilities pose significant risks, including remote code execution (RCE) and information disclosure, potentially allowing attackers to compromise sensitive data or take control of affected systems.
Affected Systems
The vulnerabilities impact the following versions:
- Splunk Enterprise :
- Versions 9.1.0 to 9.1.7
- Versions 9.2.0 to 9.2.4
- Versions 9.3.0 to 9.3.2
- All versions prior to 9.4.1, 9.3.3, 9.2.5, and 9.1.8
- Splunk Cloud Platform :
- Versions earlier than 9.3.2408.104, 9.2.2406.108, and 9.1.2312.208
- Splunk Secure Gateway :
- Versions earlier than 3.8.38 and 3.7.23
Key Vulnerabilities
- CVE-2025-20229: Remote Code Execution (RCE)
- CVSS Score : 8.0 (High)
- Description : This vulnerability could allow an authenticated remote attacker to execute arbitrary code by uploading a malicious file to the $SPLUNK_HOME/var/run/splunk/apptemp directory.
- Impact : Attackers could gain full control over the affected system, leading to data breaches or further network compromise.
- CVE-2025-20231 : Information Disclosure
- CVSS Score : 7.1 (High)
- Description : Splunk Secure Gateway exposes user session and authorization tokens in plaintext within the splunk_secure_gateway.log file when interacting with the /services/ssg/secrets endpoint.
- Impact : Attackers could steal sensitive credentials or session tokens, potentially leading to unauthorized access.
Recommended Solutions
- Apply Updates Immediately
Upgrade to the latest patched versions:
- Splunk Enterprise : 9.4.1, 9.3.3, 9.2.5, or 9.1.8 and later.
- Splunk Cloud Platform : 9.3.2408.104, 9.2.2406.108, or 9.1.2312.208.
- Splunk Secure Gateway : 3.8.38 or 3.7.23 and later.
Download updates from the official Splunk website: https://www.splunk.com.
- Temporary Workaround for CVE-2025-20231
If Splunk Secure Gateway is not in use, Splunk recommends disabling it as a temporary mitigation.
Additional Resources
For more details, refer to Splunk’s official advisories:
Final Thoughts
These vulnerabilities underscore the importance of timely patch management and robust security practices. Organizations using Splunk should prioritize applying these updates to mitigate potential risks. Stay vigilant and ensure your systems are protected against emerging threats.
For further updates, follow Splunk’s security bulletins or subscribe to cybersecurity news feeds.
Stay secure! 
