CVE-2025-20229Improper Access Control in Cloud Platform

CWE-284Improper Access ControlCWE-863Incorrect Authorization4 documents4 sources
Severity
8.0HIGHNVD
EPSS
0.7%
top 26.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Cloud PlatformSplunk EnterpriseSplunk
Timeline
PublishedMar 26
Latest updateMar 27

Description

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages4 packages

CVEListV5splunk/splunk_cloud_platform9.3.24089.3.2408.104+3
NVDsplunk/splunk_cloud_platform9.1.23129.1.2312.208+3
CVEListV5splunk/splunk_enterprise9.49.4.0+3
NVDsplunk/splunk9.1.09.1.8+3

🔴Vulnerability Details

2
GHSA
GHSA-wx8m-x35g-mf6x: In Splunk Enterprise versions below 92025-03-27
CVEList
Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise2025-03-26

📋Vendor Advisories

1
Microsoft
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat f2021-02-09
CVE-2025-20229 — Improper Access Control in Splunk | cvebase