AI description
CVE-2025-20386 affects Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10. A new installation or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This vulnerability allows non-administrator users on the machine to access the directory and all its contents. The incorrect permissions assignment during installation or upgrades grants unprivileged local users read and write access to sensitive configuration files. An attacker with local access could exploit these permissions to modify system configuration or inject malicious code.
- Description
- In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- splunk
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-732
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
5
Splunk EnterpriseとUniversal ForwarderのWindows版で、インストール時の誤った権限設定により特権昇格につながる深刻な欠陥が判明した(CVE-2025-20386,CVE-2025-20387)。非管理者でも機密ディレクトリへアクセスできる状態と
@yousukezan
5 Dec 2025
2266 Impressions
7 Retweets
21 Likes
9 Bookmarks
0 Replies
1 Quote
CVE-2025-20386 Splunk Enterprise Windows Privilege Escalation via Incorrect Directory Permissions https://t.co/c5s0fWQulB
@VulmonFeeds
3 Dec 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE8BF109-2B9C-4C50-AC9F-10A45456FD75",
"versionEndExcluding": "9.2.10",
"versionStartIncluding": "9.2.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05D6973D-D965-42D3-8320-AF4A4B424E6C",
"versionEndExcluding": "9.3.8",
"versionStartIncluding": "9.3.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8571F470-6AE1-4737-B1FA-49121E426AF2",
"versionEndExcluding": "9.4.6",
"versionStartIncluding": "9.4.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4413D4BE-F225-4C28-B401-EB46D8F34160",
"versionEndExcluding": "10.0.2",
"versionStartIncluding": "10.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]