Contact
Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
Home
Crowdstriker 970×120
Splunk Enterprise Vulnerability: CVE-2025-20386 and CVE-2025-20387

Splunk Enterprise Vulnerability: CVE-2025-20386 and CVE-2025-20387

5 December 2025 09:23

Security researchers have discovered two high-risk vulnerabilities (CVE-2025-20386 and CVE-2025-20387, with CVSS severity 8.0) affecting the Splunk Enterprise platform and Universal Forwarder components.

These vulnerabilities result from incorrect permissions on configuration files during software deployment on Windows systems , allowing non-administrative users to access the Splunk installation directory and its entire contents.

This vulnerability is not a traditional remote code execution vulnerability, but rather expands the attack surface through local security degradation. In the affected versions:

  • New installations or updates may cause permission configuration errors
  • Standard users can read sensitive configuration files and registries, and can even tamper with files in the directory.
  • The primary platform and forward proxy affects Windows versions prior to 10.0.2/9.4.6/9.3.8/9.2.10.

Splunk has released a fixed version and users are advised to update immediately:

  • Splunk Enterprise 10.0.2/9.4.6/9.3.8/9.2.10 or later
  • Universal Forwarder Version

For users who cannot upgrade immediately, you can run the following commands using the Windows icacls tool to manually resolve the issue:

  1. Disable inheritance: icacls.exe “” /inheritance:d
  2. Remove default user access: icacls.exe “” /remove:g *BU/T/C
  3. Remove access for authenticated users: icacls.exe “” /remove:g *S-1-5-11/T/C
  4. Re-enable inheritance (safely): icacls.exe “” /inheritance:e /T/C

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Agostino Pellegrino 300x300
He is a freelancer, teacher and expert in Computer Forensics, Cyber Security and Ethical Hacking and Network Management. He has collaborated with leading educational institutions internationally and has practiced teaching and mentorship in advanced Offensive Security techniques for NATO obtaining major awards from the U.S. Government. His motto is "Study. Always."
Areas of Expertise: Cybersecurity architecture, Threat intelligence, Digital forensics, Offensive security, Incident response & SOAR, Malware analysis, Compliance & frameworks