Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Banner Ancharia Mobile 1
Banner Ancharia Desktop 1 1
Splunk Enterprise Vulnerability: CVE-2025-20386 and CVE-2025-20387

Splunk Enterprise Vulnerability: CVE-2025-20386 and CVE-2025-20387

5 December 2025 09:23

Security researchers have discovered two high-risk vulnerabilities (CVE-2025-20386 and CVE-2025-20387, with CVSS severity 8.0) affecting the Splunk Enterprise platform and Universal Forwarder components.

These vulnerabilities result from incorrect permissions on configuration files during software deployment on Windows systems , allowing non-administrative users to access the Splunk installation directory and its entire contents.

This vulnerability is not a traditional remote code execution vulnerability, but rather expands the attack surface through local security degradation. In the affected versions:

  • New installations or updates may cause permission configuration errors
  • Standard users can read sensitive configuration files and registries, and can even tamper with files in the directory.
  • The primary platform and forward proxy affects Windows versions prior to 10.0.2/9.4.6/9.3.8/9.2.10.

Splunk has released a fixed version and users are advised to update immediately:

  • Splunk Enterprise 10.0.2/9.4.6/9.3.8/9.2.10 or later
  • Universal Forwarder Version

For users who cannot upgrade immediately, you can run the following commands using the Windows icacls tool to manually resolve the issue:

  1. Disable inheritance: icacls.exe “” /inheritance:d
  2. Remove default user access: icacls.exe “” /remove:g *BU/T/C
  3. Remove access for authenticated users: icacls.exe “” /remove:g *S-1-5-11/T/C
  4. Re-enable inheritance (safely): icacls.exe “” /inheritance:e /T/C

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Cropped RHC 3d Transp2 1766828557 300x300
The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.