CVE-2025-20229

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2025-0301

Configurations

No configuration.

History

27 Mar 2025, 16:45

Type	Values Removed	Values Added
Summary		(es) En las versiones de Splunk Enterprise anteriores a 9.3.3, 9.2.5 y 9.1.8, y en las versiones de Splunk Cloud Platform anteriores a 9.3.2408.104, 9.2.2406.108, 9.2.2403.114 y 9.1.2312.208, un usuario con privilegios bajos que no tenga los roles de Splunk "admin" o "power" podría realizar una ejecución remota de código (RCE) a través de una carga de archivo al directorio "$SPLUNK_HOME/var/run/splunk/apptemp" debido a comprobaciones de autorización faltantes.

26 Mar 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-26 22:15

Updated : 2025-03-27 16:45

NVD link : CVE-2025-20229

Mitre link : CVE-2025-20229

CVE.ORG link : CVE-2025-20229

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

8.0 /10