Splunk on Wednesday announced patches for dozens of vulnerabilities across its products, including two high-severity flaws in Splunk Enterprise and Secure Gateway App.
The enterprise monitoring solution received patches for a remote code execution (RCE) bug that could be exploited by low-privileged users by uploading a file to the ‘$SPLUNK_HOME/var/run/splunk/apptemp’ directory.
Tracked as CVE-2025-20229 (CVSS score of 8.0), the security defect is caused by a missing authorization check, and has been addressed with the release of Splunk Enterprise versions 9.4.0, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208.
Fixes were also rolled out for a high-severity information disclosure issue impacting both Splunk Enterprise and the Splunk Secure Gateway app on Splunk Cloud Platform, also exploitable by low-privileged users.
“The Splunk Secure Gateway exposes user session and authorization tokens in clear text in the splunk_secure_gateway.log file when it calls the /services/ssg/secrets REST endpoint,” Splunk explains.
According to the company, an attacker could exploit this vulnerability as part of a phishing attack that convinces the victim into “initiating a request within their browser”. The attacker should not be able to exploit the bug at will, Splunk says.
Patches for this flaw were included in Splunk Enterprise versions 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and in Secure Gateway versions 3.8.38 and 3.7.23.
“Splunk Mobile, Spacebridge, and Mission Control rely on functionality in the Splunk Secure Gateway app. If you do not use any of the apps, features, or functionality, as a potential mitigation, you may remove or disable the app,” the company explains.
On Wednesday, Splunk also announced fixes for medium-severity security defects in Splunk Enterprise that could lead to maintenance mode modifications, safeguard bypass, information disclosure, and manipulation of other user data.
Additionally, the company announced the roll-out of patches for a low-severity issue in Splunk App for Lookup Editing and for multiple vulnerabilities in third-party packages in Splunk Enterprise, App for Data Science and Deep Learning App, DB Connect, Infrastructure Monitoring Add-on, and Splunk Add-on for Microsoft Cloud Services.
Splunk makes no mention of any of these vulnerabilities being exploited in the wild. However, users are advised to update their Splunk Enterprise instances and other affected Splunk applications as soon as possible. Additional information can be found on the company’s security advisories page.
Related: Atlassian, Splunk Patch High-Severity Vulnerabilities
Related: Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities
Related: Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm
Related: Splunk Patches High-Severity Vulnerabilities in Enterprise Product
