{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T16:15:20.952","vulnerabilities":[{"cve":{"id":"CVE-2025-20229","sourceIdentifier":"psirt@cisco.com","published":"2025-03-26T22:15:14.933","lastModified":"2025-07-21T20:49:49.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk Enterprise versions below 9.3.3, 9.2.5,  and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the \"$SPLUNK_HOME/var/run/splunk/apptemp\" directory due to missing authorization checks."},{"lang":"es","value":"En las versiones de Splunk Enterprise anteriores a 9.3.3, 9.2.5 y 9.1.8, y en las versiones de Splunk Cloud Platform anteriores a 9.3.2408.104, 9.2.2406.108, 9.2.2403.114 y 9.1.2312.208, un usuario con privilegios bajos que no tenga los roles de Splunk \"admin\" o \"power\" podría realizar una ejecución remota de código (RCE) a través de una carga de archivo al directorio \"$SPLUNK_HOME/var/run/splunk/apptemp\" debido a comprobaciones de autorización faltantes."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.1.0","versionEndExcluding":"9.1.8","matchCriteriaId":"49EE75F0-2AD6-4712-9E2A-C000A44E5605"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.2.0","versionEndExcluding":"9.2.5","matchCriteriaId":"5B7E20B1-E38E-4F5E-9F89-41FD4C231742"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"9.3.0","versionEndExcluding":"9.3.3","matchCriteriaId":"E66E66BA-AFC2-4E0A-B233-9E2C7D985AF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:9.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"AD39F156-52DB-4F43-8528-37500E3AEB89"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"9.1.2312","versionEndExcluding":"9.1.2312.208","matchCriteriaId":"CE9FAFD0-7787-425C-81D9-705E99B53E6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.2403","versionEndExcluding":"9.2.2403.114","matchCriteriaId":"6FCABD9B-90B7-4AAE-AA02-4DAA31D8B397"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"9.2.2406.100","versionEndExcluding":"9.2.2406.108","matchCriteriaId":"41B20845-FE28-45ED-9B2D-499506F527FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"9.3.2408.100","versionEndExcluding":"9.3.2408.104","matchCriteriaId":"C5EAD373-D535-44CD-AF6C-023A99EA35B7"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2025-0301","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}