Unrated severityNVD Advisory· Published Dec 3, 2025· Updated Feb 26, 2026

Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

CVE-2025-20386

Description

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Affected products

Splunk/Splunk Enterprisellm-fuzzy
Range: <10.0.2 (or <9.4.6, <9.3.8, <9.2.10)
Splunk/Splunk Enterprisev5
Range: 10.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

advisory.splunk.com/advisories/SVD-2025-1205mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000