Splunk Remote Code Execution Vulnerability via Unauthorized File Upload

Vulnerability

A remote code execution vulnerability has been identified in Splunk Enterprise and Splunk Cloud Platform. In Splunk Enterprise versions prior to 9.3.3, 9.2.5, and 9.1.8, as well as in Splunk Cloud Platform versions prior to 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, low-privileged users without 'admin' or 'power' roles could exploit missing authorization checks to upload files to the '$SPLUNK_HOME/var/run/splunk/apptemp' directory, leading to remote code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users are advised to upgrade Splunk Enterprise to versions 9.4.0, 9.3.3, 9.2.5, 9.1.8 or higher. For Splunk Cloud Platform, no action is required as Splunk is actively monitoring and patching instances.
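The version lists above are per maintenance branch, so a plain "greater than" comparison misclassifies hosts (9.3.0 is newer than 9.2.5 yet still affected). The following is an added example, not code from Splunk or from this advisory, that triages version strings against the fixed releases listed on this page. The host names and inventory are constructed, and the 'unlisted' result for branches the advisory does not name is an assumption.

```python
# Added example: branch-aware triage of Splunk versions against the fixed
# releases listed in this advisory. Host names and inventory are constructed.

# Fixed release per maintenance branch, taken from the advisory text.
ENTERPRISE_FIXED = {(9, 3): 3, (9, 2): 5, (9, 1): 8}
CLOUD_FIXED = {(9, 3, 2408): 104, (9, 2, 2406): 108,
               (9, 2, 2403): 114, (9, 1, 2312): 208}
FIRST_UNAFFECTED_ENTERPRISE = (9, 4)  # advisory: upgrade to 9.4.0 or higher


def parse_version(text):
    """Turn '9.2.4' or '9.2.2406.107' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) not in (3, 4) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Splunk version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(version_text):
    """Return 'fixed', 'vulnerable' or 'unlisted' for one version string.

    Three components = Splunk Enterprise, four = Splunk Cloud Platform.
    'unlisted' means the advisory names no fixed release for that branch
    (assumption: such hosts need manual review, not an automatic pass).
    """
    v = parse_version(version_text)
    if len(v) == 3:
        if v[:2] >= FIRST_UNAFFECTED_ENTERPRISE:
            return "fixed"
        table = ENTERPRISE_FIXED
    else:
        table = CLOUD_FIXED
    branch, patch = v[:-1], v[-1]
    if branch not in table:
        return "unlisted"
    return "fixed" if patch >= table[branch] else "vulnerable"


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration.
    sample = {"idx01": "9.3.2", "sh01": "9.2.5", "hf01": "9.0.4",
              "cloud-stack": "9.2.2406.107"}
    for host, result in triage_inventory(sample).items():
        print(f"{host}: {result}")
```

Hosts reported as 'vulnerable' are the ones whose '$SPLUNK_HOME/var/run/splunk/apptemp' directory is worth reviewing for unexpected files while the upgrade is scheduled.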

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 10.0
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.