Improper Permissions in Splunk Enterprise for Windows Affecting Multiple Versions
CVE-2025-20386

8 HIGH

Key Information:

Vendor: Splunk

CVE Published: 3 December 2025

What is CVE-2025-20386?

In certain versions of Splunk Enterprise for Windows, improper permissions can be assigned during installation or upgrade processes. This vulnerability allows non-administrative users to gain access to the installation directory and its contents, potentially exposing sensitive data and configuration files. Users are encouraged to apply the necessary patches or updates to mitigate this issue effectively.

Affected Version(s)

Splunk Enterprise 10.0 < 10.0.2

Splunk Enterprise 9.4 < 9.4.6

Splunk Enterprise 9.3 < 9.3.8

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
