Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Banner Mobile
Redhotcyber Banner Sito 970x120px Uscita 101125
Splunk Enterprise Vulnerability: CVE-2025-20386 and CVE-2025-20387

Splunk Enterprise Vulnerability: CVE-2025-20386 and CVE-2025-20387

5 December 2025 09:23

Security researchers have discovered two high-risk vulnerabilities (CVE-2025-20386 and CVE-2025-20387, with CVSS severity 8.0) affecting the Splunk Enterprise platform and Universal Forwarder components.

These vulnerabilities result from incorrect permissions on configuration files during software deployment on Windows systems , allowing non-administrative users to access the Splunk installation directory and its entire contents.

This vulnerability is not a traditional remote code execution vulnerability, but rather expands the attack surface through local security degradation. In the affected versions:

  • New installations or updates may cause permission configuration errors
  • Standard users can read sensitive configuration files and registries, and can even tamper with files in the directory.
  • The primary platform and forward proxy affects Windows versions prior to 10.0.2/9.4.6/9.3.8/9.2.10.

Splunk has released a fixed version and users are advised to update immediately:

  • Splunk Enterprise 10.0.2/9.4.6/9.3.8/9.2.10 or later
  • Universal Forwarder Version

For users who cannot upgrade immediately, you can run the following commands using the Windows icacls tool to manually resolve the issue:

  1. Disable inheritance: icacls.exe “” /inheritance:d
  2. Remove default user access: icacls.exe “” /remove:g *BU/T/C
  3. Remove access for authenticated users: icacls.exe “” /remove:g *S-1-5-11/T/C
  4. Re-enable inheritance (safely): icacls.exe “” /inheritance:e /T/C

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

  • #cybersecurity
  • CVE-2025-20386
  • CVE-2025-20387
  • local security degradation
  • patch management
  • security updates
  • Splunk Enterprise vulnerability
  • Splunk Universal Forwarder
  • vulnerability management
  • Windows security
Immagine del sito
Redazione

The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.