Splunk Patches Dozens of Vulnerabilities


Splunk has released patches for multiple vulnerabilities, including two high-severity flaws in Splunk Enterprise and the Secure Gateway App. One is a remote code execution (RCE) bug (CVE-2025-20229, CVSS 8.0) caused by a missing authorization check, affecting Splunk Enterprise versions up to 9.4.0. The other is an information disclosure issue that exposes user session tokens in logs, impacting Splunk Secure Gateway. Fixes are available in Splunk Enterprise versions 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Secure Gateway versions 3.8.38 and 3.7.23. Splunk also addressed medium- and low-severity flaws across various applications and advises users to update immediately. More details can be found on Splunk’s security advisories page.
