Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App.
March 27, 2025 By Ionut Arghire
Splunk on Wednesday announced patches for dozens of vulnerabilities across its products, including two high-severity flaws in Splunk Enterprise and Secure Gateway App.
The enterprise monitoring solution received patches for a remote code execution (RCE) bug that could be exploited by low-privileged users by uploading a file to the ‘$SPLUNK_HOME/var/run/splunk/apptemp’ directory.
Tracked as CVE-2025-20229 (CVSS score of 8.0), the security defect is caused by a missing authorization check, and has been addressed with the release of Splunk Enterprise versions 9.4.0, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208.
Fixes were also rolled out for a high-severity information disclosure issue impacting both Splunk Enterprise and the Splunk Secure Gateway app on Splunk Cloud Platform, also exploitable by low-privileged users.