PT-2025-48958 · Splunk · Splunk Enterprise For Windows

CVE-2025-20386

·

Publicado

2025-12-03

·

Atualizado

2025-12-08

CVSS v2.0

9.0

Alta

VetorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Splunk Enterprise for Windows versions prior to 10.0.2 Splunk Enterprise for Windows versions prior to 9.4.6 Splunk Enterprise for Windows versions prior to 9.3.8 Splunk Enterprise for Windows versions prior to 9.2.10
Description A flaw exists in Splunk Enterprise for Windows where a new installation or upgrade to an affected version can lead to incorrect permissions being assigned within the Splunk Enterprise for Windows Installation directory. This allows non-administrator users on the system to access the directory and its contents.
Recommendations Upgrade to Splunk Enterprise for Windows version 10.0.2 or later. Upgrade to Splunk Enterprise for Windows version 9.4.6 or later. Upgrade to Splunk Enterprise for Windows version 9.3.8 or later. Upgrade to Splunk Enterprise for Windows version 9.2.10 or later.

Correção

LPE

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

BDU:2025-16301
CVE-2025-20386

Produtos afetados

Splunk Enterprise For Windows