vulnerability
Splunk: CVE-2023-40597: Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:S/C:C/I:C/A:C) | Aug 30, 2023 | Apr 7, 2025 | Oct 31, 2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
Aug 30, 2023
Added
Apr 7, 2025
Modified
Oct 31, 2025
Description
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.The runshellscript.py script does not perform adequate user validation. This lets an attacker use the runshellscript.py script to run a script in the root directory of another disk on the machine.The exploit requires the attacker to have write access to the drive on which they place the exploit script.This vulnerability only affects Splunk Enterprise Instances that run on Windows.
Solution
splunk-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.