CVE-2025-20229

216.73.216.233

· Published 26/03/2025 22:15 · Modified 27/03/2025 16:45

Labels: CVE-2025-20229 2025-03-26 CVE-2025-20229 CWE-284 [email protected]

Essential information

Published: 26/03/2025 22:15
Modified: 27/03/2025 16:45
Author: —
Creator: —
CVSS: 8.0 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
splunk / splunk enterprise	`cpe:2.3:a:splunk:splunk_enterprise:<9.3.3:::::::*`
splunk / splunk enterprise	`cpe:2.3:a:splunk:splunk_enterprise:<9.2.5:::::::*`
splunk / splunk enterprise	`cpe:2.3:a:splunk:splunk_enterprise:<9.1.8:::::::*`
splunk / splunk cloud platform	`cpe:2.3:a:splunk:splunk_cloud_platform:<9.3.2408.104:::::::*`
splunk / splunk cloud platform	`cpe:2.3:a:splunk:splunk_cloud_platform:<9.2.2406.108:::::::*`
splunk / splunk cloud platform	`cpe:2.3:a:splunk:splunk_cloud_platform:<9.2.2403.114:::::::*`
splunk / splunk cloud platform	`cpe:2.3:a:splunk:splunk_cloud_platform:<9.1.2312.208:::::::*`