CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-20229

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.6%

CVSS Severity

CVSS v3 Score 8.0

References

https://advisory.splunk.com/advisories/SVD-2025-0301

Products affected by CVE-2025-20229

Splunk » Splunk » Version: 9.1.0

cpe:2.3:a:splunk:splunk:9.1.0
Splunk » Splunk » Version: 9.1.0.1

cpe:2.3:a:splunk:splunk:9.1.0.1
Splunk » Splunk » Version: 9.1.0.2

cpe:2.3:a:splunk:splunk:9.1.0.2
Splunk » Splunk » Version: 9.1.1

cpe:2.3:a:splunk:splunk:9.1.1
Splunk » Splunk » Version: 9.1.2

cpe:2.3:a:splunk:splunk:9.1.2
Splunk » Splunk » Version: 9.1.3

cpe:2.3:a:splunk:splunk:9.1.3
Splunk » Splunk » Version: 9.1.4

cpe:2.3:a:splunk:splunk:9.1.4
Splunk » Splunk » Version: 9.1.5

cpe:2.3:a:splunk:splunk:9.1.5
Splunk » Splunk » Version: 9.1.6

cpe:2.3:a:splunk:splunk:9.1.6
Splunk » Splunk » Version: 9.1.7

cpe:2.3:a:splunk:splunk:9.1.7
Splunk » Splunk » Version: 9.2.0

cpe:2.3:a:splunk:splunk:9.2.0
Splunk » Splunk » Version: 9.2.1

cpe:2.3:a:splunk:splunk:9.2.1
Splunk » Splunk » Version: 9.2.2

cpe:2.3:a:splunk:splunk:9.2.2
Splunk » Splunk » Version: 9.2.3

cpe:2.3:a:splunk:splunk:9.2.3
Splunk » Splunk » Version: 9.2.4

cpe:2.3:a:splunk:splunk:9.2.4
Splunk » Splunk » Version: 9.3.0

cpe:2.3:a:splunk:splunk:9.3.0
Splunk » Splunk » Version: 9.3.1

cpe:2.3:a:splunk:splunk:9.3.1
Splunk » Splunk » Version: 9.3.2

cpe:2.3:a:splunk:splunk:9.3.2
Splunk » Splunk » Version: 9.4.0

cpe:2.3:a:splunk:splunk:9.4.0
Splunk » Splunk Cloud Platform » Version: 9.1.2312

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312
Splunk » Splunk Cloud Platform » Version: 9.1.2312.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.100
Splunk » Splunk Cloud Platform » Version: 9.1.2312.108

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.108
Splunk » Splunk Cloud Platform » Version: 9.1.2312.109

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.109
Splunk » Splunk Cloud Platform » Version: 9.1.2312.204

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.204
Splunk » Splunk Cloud Platform » Version: 9.1.2312.206

cpe:2.3:a:splunk:splunk_cloud_platform:9.1.2312.206
Splunk » Splunk Cloud Platform » Version: 9.2.2403

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2403
Splunk » Splunk Cloud Platform » Version: 9.2.2403.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2403.100
Splunk » Splunk Cloud Platform » Version: 9.2.2403.107

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2403.107
Splunk » Splunk Cloud Platform » Version: 9.2.2403.108

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2403.108
Splunk » Splunk Cloud Platform » Version: 9.2.2403.109

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2403.109
Splunk » Splunk Cloud Platform » Version: 9.2.2403.111

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2403.111
Splunk » Splunk Cloud Platform » Version: 9.2.2403.113

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2403.113
Splunk » Splunk Cloud Platform » Version: 9.2.2406.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2406.100
Splunk » Splunk Cloud Platform » Version: 9.2.2406.106

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2406.106
Splunk » Splunk Cloud Platform » Version: 9.2.2406.107

cpe:2.3:a:splunk:splunk_cloud_platform:9.2.2406.107
Splunk » Splunk Cloud Platform » Version: 9.3.2408.100

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.100
Splunk » Splunk Cloud Platform » Version: 9.3.2408.101

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.101
Splunk » Splunk Cloud Platform » Version: 9.3.2408.103

cpe:2.3:a:splunk:splunk_cloud_platform:9.3.2408.103

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-20229

Products

Pricing

Contact Us