Critical Vulnerabilities in Splunk: What You Need to Know

Splunk recently issued a security advisory detailing multiple high-severity vulnerabilities affecting Splunk Enterprise, Splunk Cloud Platform, and Splunk Secure Gateway. These vulnerabilities pose significant risks, including remote code execution (RCE) and information disclosure, potentially allowing attackers to compromise sensitive data or take control of affected systems.

Affected Systems

The vulnerabilities impact the following versions:

  • Splunk Enterprise:
    • Versions 9.1.0 to 9.1.7
    • Versions 9.2.0 to 9.2.4
    • Versions 9.3.0 to 9.3.2
    • All versions prior to 9.4.1, 9.3.3, 9.2.5, and 9.1.8
  • Splunk Cloud Platform:
    • Versions earlier than 9.3.2408.104, 9.2.2406.108, and 9.1.2312.208
  • Splunk Secure Gateway:
    • Versions earlier than 3.8.38 and 3.7.23

Key Vulnerabilities

  1. CVE-2025-20229: Remote Code Execution (RCE)
    • CVSS Score: 8.0 (High)
    • Description: This vulnerability could allow an authenticated remote attacker to execute arbitrary code by uploading a malicious file to the $SPLUNK_HOME/var/run/splunk/apptemp directory.
    • Impact: Attackers could gain full control over the affected system, leading to data breaches or further network compromise.
  2. CVE-2025-20231: Information Disclosure
    • CVSS Score: 7.1 (High)
    • Description: Splunk Secure Gateway exposes user session and authorization tokens in plaintext within the splunk_secure_gateway.log file when interacting with the /services/ssg/secrets endpoint.
    • Impact: Attackers could steal sensitive credentials or session tokens, potentially leading to unauthorized access.

Recommended Solutions

  1. Apply Updates Immediately

Upgrade to the latest patched versions:

  • Splunk Enterprise: 9.4.1, 9.3.3, 9.2.5, or 9.1.8 and later.
  • Splunk Cloud Platform: 9.3.2408.104, 9.2.2406.108, or 9.1.2312.208.
  • Splunk Secure Gateway: 3.8.38 or 3.7.23 and later.
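To turn the version lists above into a repeatable check, here is an added example (not Splunk's own tooling) that compares an inventory of installed versions against the fixed releases named in the advisory. The product keys and the sample inventory are assumptions made for the example; the version numbers are taken from the advisory text.

```python
"""Version check for the Splunk advisory summarised above.

Added example, not Splunk's own tooling. The fixed-version data is copied from
the advisory text; the product keys and the sample inventory are made up here.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# First patched release on each release line, as listed in the advisory.
FIXED: Dict[str, List[str]] = {
    "enterprise": ["9.1.8", "9.2.5", "9.3.3", "9.4.1"],
    "cloud": ["9.1.2312.208", "9.2.2406.108", "9.3.2408.104"],
    "secure_gateway": ["3.7.23", "3.8.38"],
}


def parse(version: str) -> Version:
    """Turn '9.3.2408.104' into (9, 3, 2408, 104) so tuples compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def required_fix(product: str, version: str) -> str:
    """Patched release to move to: the fix on the same major.minor line if one
    is listed, otherwise the newest listed fix (e.g. for a 9.0.x install)."""
    line = parse(version)[:2]
    fixes = sorted(FIXED[product], key=parse)
    same_line = [f for f in fixes if parse(f)[:2] == line]
    return same_line[0] if same_line else fixes[-1]


def is_affected(product: str, version: str) -> bool:
    """True when `version` is older than the fix for its release line. Lines
    newer than every listed fix (e.g. 9.5.x) are treated as unaffected; lines
    older than every listed fix have no patch and are treated as affected."""
    return parse(version) < parse(required_fix(product, version))


def audit(inventory: Dict[str, str]) -> List[str]:
    """Findings for a {product: version} inventory; an empty list means nothing to do."""
    return [
        f"{product} {version}: affected, upgrade to {required_fix(product, version)} or later"
        for product, version in inventory.items()
        if is_affected(product, version)
    ]


if __name__ == "__main__":
    # Constructed sample inventory, not a real deployment.
    sample = {"enterprise": "9.3.2", "cloud": "9.2.2406.108", "secure_gateway": "3.7.22"}
    for finding in audit(sample) or ["no affected components"]:
        print(finding)
```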

Download updates from the official Splunk website: https://www.splunk.com.

  2. Temporary Workaround for CVE-2025-20231

If Splunk Secure Gateway is not in use, Splunk recommends disabling it as a temporary mitigation.

Additional Resources

For more details, refer to Splunk’s official advisories:

Final Thoughts

These vulnerabilities underscore the importance of timely patch management and robust security practices. Organizations using Splunk should prioritize applying these updates to mitigate potential risks. Stay vigilant and ensure your systems are protected against emerging threats.

For further updates, follow Splunk’s security bulletins or subscribe to cybersecurity news feeds.

Stay secure! 🔒
