Offcanvas

When Should We Call You?

Edit Template

What You Need To Know a Critical Vulnerabilities In Splunk ?

Critical Vulnerabilities in SPLUNK
Spread the love

Splunk recently issued a security advisory detailing multiple high-severity vulnerabilities affecting Splunk EnterpriseSplunk Cloud Platform, and Splunk Secure Gateway. These vulnerabilities pose significant risks, including remote code execution (RCE) and information disclosure, potentially allowing attackers to compromise sensitive data or take control of affected systems.

Affected Systems

The vulnerabilities impact the following versions:

  • Splunk Enterprise :
    • Versions 9.1.0 to 9.1.7
    • Versions 9.2.0 to 9.2.4
    • Versions 9.3.0 to 9.3.2
    • All versions prior to 9.4.1, 9.3.3, 9.2.5, and 9.1.8
  • Splunk Cloud Platform :
    • Versions earlier than 9.3.2408.104, 9.2.2406.108, and 9.1.2312.208
  • Splunk Secure Gateway :
    • Versions earlier than 3.8.38 and 3.7.23

Key Vulnerabilities

  1. CVE-2025-20229: Remote Code Execution (RCE)
  • CVSS Score : 8.0 (High)
  • Description : This vulnerability could allow an authenticated remote attacker to execute arbitrary code by uploading a malicious file to the $SPLUNK_HOME/var/run/splunk/apptemp directory.
  • Impact : Attackers could gain full control over the affected system, leading to data breaches or further network compromise.
  1. CVE-2025-20231 : Information Disclosure
  • CVSS Score : 7.1 (High)
  • Description : Splunk Secure Gateway exposes user session and authorization tokens in plaintext within the splunk_secure_gateway.log file when interacting with the /services/ssg/secrets endpoint.
  • Impact : Attackers could steal sensitive credentials or session tokens, potentially leading to unauthorized access.

Recommended Solutions

  1. Apply Updates Immediately

Upgrade to the latest patched versions:

  • Splunk Enterprise : 9.4.1, 9.3.3, 9.2.5, or 9.1.8 and later.
  • Splunk Cloud Platform : 9.3.2408.104, 9.2.2406.108, or 9.1.2312.208.
  • Splunk Secure Gateway : 3.8.38 or 3.7.23 and later.

Download updates from the official Splunk website: https://www.splunk.com.

  1. Temporary Workaround for CVE-2025-20231

If Splunk Secure Gateway is not in use, Splunk recommends disabling it as a temporary mitigation.

Additional Resources

For more details, refer to Splunk’s official advisories:

Final Thoughts

These vulnerabilities underscore the importance of timely patch management and robust security practices. Organizations using Splunk should prioritize applying these updates to mitigate potential risks. Stay vigilant and ensure your systems are protected against emerging threats.

For further updates, follow Splunk’s security bulletins or subscribe to cybersecurity news feeds.

Stay secure! 🔒


Spread the love
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

    Popular Articles

    TIC

    Explore Now

    Most Recent Posts

    • All Post
    • Active Directory
    • azure
    • Azure Cloud
    • Azure Infrastructure
    • Azure Patch
    • Azure Security
    • Cloud
    • Cloud Computing
    • Exchange Server
    • Manage M365
    • Messaging
    • Microsoft
    • Microsoft 365
    • Microsoft Purview
    • News
    • Patch Tuesday
    • Request Call
    • Security
    • Security M365
    • Websites
    • Windows Server
    • Windows Server Patch
    Like Us
    Follow Us
    Subscribe Us
    Follow Us