Splunk has suffered a security incident due to two separate high-severity vulnerabilities. The first enables remote code execution (RCE): low-privileged users can execute arbitrary code through malicious file uploads. It affects Splunk Enterprise and Splunk Cloud Platform before certain versions. The second affects the Splunk Secure Gateway app, where users can run searches with higher-privileged permissions, potentially leading to unauthorized disclosure of sensitive information. Both issues have been patched, and updates have been suggested to Splunk users to remediate the risk. The flaws highlight the importance of keeping systems updated and monitoring access control within corporate environments to prevent data breaches and maintain operational integrity.
Source: https://cybersecuritynews.com/splunk-rce-vulnerability-arbitrary-code/
"id": "spl355032725",
"linkid": "splunk",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"