RCE and Data Leak Vulnerabilities Patched in Splunk Enterprise and Splunk Cloud Platform
CVE-2025-20229 allows low-privileged users to execute arbitrary code remotely by uploading malicious files. The second flaw, CVE-2025-20231, affects the Splunk Secure Gateway App and leads to the exposure of user session and authorization tokens.