Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability.
This flaw, identified as CVE-2024-53247, affects several versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform.
The vulnerability is rated with a CVSSv3.1 score of 8.8, indicating a high severity level that poses a serious risk to organizations relying on these services.
The RCE vulnerability arises from the unsafe deserialization of untrusted data, traced back to insecure usage of the jsonpickle Python library.
This deserialization flaw allows a low-privileged user, who does not possess “admin” or “power” roles, to execute arbitrary code on the affected systems.
Notably, this issue impacts Splunk Enterprise versions before 9.3.2, 9.2.4, and 9.1.7, as well as Splunk Secure Gateway versions below 3.2.461 and 3.7.13.
2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide
Affected Products and Versions
To counter this vulnerability, Splunk has advised users to upgrade to the latest secure versions: 9.3.2, 9.2.4, and 9.1.7 for Splunk Enterprise, and 3.7.13 or 3.4.261 for the Splunk Secure Gateway app.
Additionally, Splunk is proactively monitoring and patching instances on the Splunk Cloud Platform to mitigate potential risks.
As an immediate workaround, Splunk recommends disabling the Splunk Secure Gateway app, particularly if the functionalities of Splunk Mobile, Spacebridge, and Mission Control are not in use.
Administrators should manage app and add-on objects to ensure the system’s integrity and security.
This vulnerability underscores the critical importance of keeping enterprise software updated and securely configured, especially when handling sensitive data.
Organizations using Splunk must act promptly to apply the necessary updates and consider implementing additional security measures to prevent exploitation.
Splunk’s swift response and transparency in addressing this issue are commendable, yet this incident serves as a reminder of the constant vigilance needed in cybersecurity.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication bypass…
Microsoft has released its highly anticipated Patch Tuesday security updates for February 2025, addressing a…
Microsoft Entra ID has introduced a robust mechanism called protected actions to mitigate the risks…
The realm of fault injection attacks has long intrigued researchers and security professionals. Among these,…
IBL Software Engineering has disclosed a significant security vulnerability, identified as CVE-2025-1077, affecting its Visual…
OpenAI, the organization behind ChatGPT and other advanced AI tools, is making significant strides in…