CVE-2025-20229

Published: Mar 26, 2025Modified: Jul 21, 2025

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: psirt@cisco.com (Secondary)

Description

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.

Affected (8)

Products: Splunk: Splunk, Splunk Cloud Platform

Splunk

2 products

Splunk

Splunk Cloud Platform

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk	From 9.1.0 to 9.1.8
Splunk Splunk	From 9.2.0 to 9.2.5
Splunk Splunk	From 9.3.0 to 9.3.3
Splunk Splunk	Version 9.4.0
Splunk Splunk Cloud Platform	From 9.1.2312 to 9.1.2312.208
Splunk Splunk Cloud Platform	From 9.2.2403 to 9.2.2403.114
Splunk Splunk Cloud Platform	From 9.2.2406.100 to 9.2.2406.108
Splunk Splunk Cloud Platform	From 9.3.2408.100 to 9.3.2408.104

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://advisory.splunk.com/advisories/SVD-2025-0301

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.