CVE-2025-20386 | Splunk Enterprise up to 9.2.9/9.3.7/9.4.5/10.0.1 on Windows Installation Directory permission assignment (SVD-2025-1205)

A vulnerability was found in Splunk Enterprise up to 9.2.9/9.3.7/9.4.5/10.0.1 on Windows and classified as critical. Affected is an unknown function of the component Installation Directory Handler. The manipulation results in incorrect permission assignment.

This vulnerability is reported as CVE-2025-20386. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More