PT-2025-48958 · Splunk · Splunk Enterprise For Windows

CVE-2025-20386

·

Published

2025-12-03

·

Updated

2025-12-08

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Splunk Enterprise for Windows versions prior to 10.0.2 Splunk Enterprise for Windows versions prior to 9.4.6 Splunk Enterprise for Windows versions prior to 9.3.8 Splunk Enterprise for Windows versions prior to 9.2.10
Description A flaw exists in Splunk Enterprise for Windows where a new installation or upgrade to an affected version can lead to incorrect permissions being assigned within the Splunk Enterprise for Windows Installation directory. This allows non-administrator users on the system to access the directory and its contents.
Recommendations Upgrade to Splunk Enterprise for Windows version 10.0.2 or later. Upgrade to Splunk Enterprise for Windows version 9.4.6 or later. Upgrade to Splunk Enterprise for Windows version 9.3.8 or later. Upgrade to Splunk Enterprise for Windows version 9.2.10 or later.

Fix

LPE

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2025-16301
CVE-2025-20386

Affected Products

Splunk Enterprise For Windows