CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-20229 – Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20229
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. • https://advisory.splunk.com/advisories/SVD-2025-0301 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2025-20227 – Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio
https://notcve.org/view.php?id=CVE-2025-20227
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure. • https://advisory.splunk.com/advisories/SVD-2025-0306 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20226 – Risky command safeguards bypass in “/services/streams/search“ endpoint through “q“ parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20226
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the "/services/streams/search" endpoint through its "q" parameter. The vulnerability requires the attacker to phish the victim by tric... • https://advisory.splunk.com/advisories/SVD-2025-0305 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-20231 – Sensitive Information Disclosure in Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2025-20231
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authentica... • https://advisory.splunk.com/advisories/SVD-2025-0302 • CWE-532: Insertion of Sensitive Information into Log File •