CVE-2025-20386— Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

CVSS 8.0 · High EPSS 0.02% · P7 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-20386

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键资源的不正确权限授予

Source: NVD (National Vulnerability Database)

Vulnerability Title

Splunk Enterprise 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Splunk Enterprise是美国Splunk公司的一套数据收集分析软件。 Splunk Enterprise 10.0.2之前版本、9.4.6版本、9.3.8版本和9.2.10版本存在安全漏洞，该漏洞源于安装或升级时权限分配不当，可能导致非管理员用户访问安装目录及其内容。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Splunk	Splunk Enterprise	10.0 ~ 10.0.2	-

II. Public POCs for CVE-2025-20386

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-20386

请登录查看更多情报信息。

Same Patch Batch · Splunk · 2025-12-03 · 9 CVEs total

CVE-2025-20387	8.0 HIGH	Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new inst
CVE-2025-20381	5.4 MEDIUM	SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query"
CVE-2025-20384	5.3 MEDIUM	Unauthenticated Log Injection in Splunk Enterprise
CVE-2025-20389	4.3 MEDIUM	Improper Input Validation in "label" column field in Splunk Secure Gateway App
CVE-2025-20383	4.3 MEDIUM	Improper access control through push notifications for reports and alerts in Splunk Secure
CVE-2025-20382	3.5 LOW	URL validation bypass through Views Dashboard in Splunk Enterprise
CVE-2025-20388	2.7 LOW	Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterp
CVE-2025-20385	2.4 LOW	Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections

IV. Related Vulnerabilities

Same product: Splunk Enterprise

Same vendor: Splunk

Same weakness: CWE-732

V. Comments for CVE-2025-20386

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-20386— Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

I. Basic Information for CVE-2025-20386

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-20386

III. Intelligence Information for CVE-2025-20386

Same Patch Batch · Splunk · 2025-12-03 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-20386

Leave a comment