Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App.

Splunk on Wednesday announced patches for dozens of vulnerabilities across its products, including two high-severity flaws in Splunk Enterprise and Secure Gateway App.

The enterprise monitoring solution received patches for a remote code execution (RCE) bug that low-privileged users could exploit by uploading a file to the '$SPLUNK_HOME/var/run/splunk/apptemp' directory. Tracked as CVE-2025-20229 (CVSS score of 8.0), the security defect is caused by a missing authorization check. It has been addressed with the release of Splunk Enterprise versions 9.4.0, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208.

Fixes were also rolled out for a high-severity information disclosure issue impacting both Splunk ...

Splunk is a California-based analytics-driven SIEM platform that collects and analyzes machine data generated by websites, applications, servers, networks, and mobile devices.