Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20386

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Published

2025-12-03T17:15:51.080

Last Modified

2025-12-05T17:51:41.637

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

Weaknesses

Type: Secondary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	splunk	splunk	< 9.2.10	Yes
Application	splunk	splunk	< 9.3.8	Yes
Application	splunk	splunk	< 9.4.6	Yes
Application	splunk	splunk	< 10.0.2	Yes
Operating System	microsoft	windows	-	No

References

https://advisory.splunk.com/advisories/SVD-2025-1205 Vendor Advisory ([email protected])