CVE-2025-20386

Published Dec 3, 2025

Last updated 2 months ago

CVSS high 8.0

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-20386 affects Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10. A new installation or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This vulnerability allows non-administrator users on the machine to access the directory and all its contents. The incorrect permissions assignment during installation or upgrades grants unprivileged local users read and write access to sensitive configuration files. An attacker with local access could exploit these permissions to modify system configuration or inject malicious code.

Description
In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.
Source
psirt@cisco.com
NVD status
Analyzed
Products
splunk

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

psirt@cisco.com
CWE-732

Social media

Hype score
Not currently trending

  1. Splunk Windows版に高リスクの脆弱性(CVE-2025-20386,CVE-2025-20387) EnterpriseとUniversal Forwarderの両方が対象に https://t.co/Fr0MnWJaBZ #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃

    @securityLab_jp

    9 Dec 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Splunk admins: URGENT patch required! CVE-2025-20386 & CVE-2025-20387 allow local privilege escalation to SYSTEM on Windows due to lax file permissions CVSS: 8.0 | Impact: Full SIEM compromise https://t.co/eapppt7jLF #CyberSecurity #Splunk #InfoSec https://t.co/bZKRls4

    @nxtgen579255

    8 Dec 2025

    62 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Splunk EnterpriseとUniversal ForwarderのWindows版で、インストール時の誤った権限設定により特権昇格につながる深刻な欠陥が判明した(CVE-2025-20386,CVE-2025-20387)。非管理者でも機密ディレクトリへアクセスできる状態と

    @yousukezan

    5 Dec 2025

    2266 Impressions

    7 Retweets

    21 Likes

    9 Bookmarks

    0 Replies

    1 Quote

  4. CVE-2025-20386 Splunk Enterprise Windows Privilege Escalation via Incorrect Directory Permissions https://t.co/c5s0fWQulB

    @VulmonFeeds

    3 Dec 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.