diff --git a/DEPRECATIONS.md b/DEPRECATIONS.md
index e80e86d782..e8fa819095 100644
--- a/DEPRECATIONS.md
+++ b/DEPRECATIONS.md
@@ -15,7 +15,7 @@ The following is a list of deprecations, according to the [Deprecation Policy](h
 | DEPPS9  | Rename LiveQuery `fields` option to `keys`                                                   | [#8389](https://github.com/parse-community/parse-server/issues/8389) | 6.0.0 (2023)                    | 7.0.0 (2024)                    | removed               | -     |
 | DEPPS10 | Encode `Parse.Object` in Cloud Function and remove option `encodeParseObjectInCloudFunction` | [#8634](https://github.com/parse-community/parse-server/issues/8634) | 6.2.0 (2023)                    | 9.0.0 (2026)                    | removed               | -     |
 | DEPPS11 | Replace `PublicAPIRouter` with `PagesRouter`                                                 | [#7625](https://github.com/parse-community/parse-server/issues/7625) | 8.0.0 (2025)                    | 9.0.0 (2026)                    | removed               | -     |
-| DEPPS12 | Database option `allowPublicExplain` will default to `true`                                  | [#7519](https://github.com/parse-community/parse-server/issues/7519) | 8.5.0 (2025)                    | 9.0.0 (2026)                    | deprecated            | -     |
+| DEPPS12 | Database option `allowPublicExplain` defaults to `false`                                     | [#7519](https://github.com/parse-community/parse-server/issues/7519) | 8.5.0 (2025)                    | 9.0.0 (2026)                    | removed               | -     |
 
 [i_deprecation]: ## "The version and date of the deprecation."
 [i_removal]: ## "The version and date of the planned removal."
diff --git a/spec/Deprecator.spec.js b/spec/Deprecator.spec.js
index 80e8632014..f5b6812699 100644
--- a/spec/Deprecator.spec.js
+++ b/spec/Deprecator.spec.js
@@ -47,7 +47,7 @@ describe('Deprecator', () => {
   });
 
   it('logs deprecation for nested option key with dot notation', async () => {
-    deprecations = [{ optionKey: 'databaseOptions.allowPublicExplain', changeNewDefault: 'false' }];
+    deprecations = [{ optionKey: 'databaseOptions.testOption', changeNewDefault: 'false' }];
 
     spyOn(Deprecator, '_getDeprecations').and.callFake(() => deprecations);
     const logger = require('../lib/logger').logger;
@@ -60,14 +60,14 @@ describe('Deprecator', () => {
   });
 
   it('does not log deprecation for nested option key if option is set manually', async () => {
-    deprecations = [{ optionKey: 'databaseOptions.allowPublicExplain', changeNewDefault: 'false' }];
+    deprecations = [{ optionKey: 'databaseOptions.testOption', changeNewDefault: 'false' }];
 
     spyOn(Deprecator, '_getDeprecations').and.callFake(() => deprecations);
     const logSpy = spyOn(Deprecator, '_logOption').and.callFake(() => {});
     const Config = require('../lib/Config');
     const config = Config.get('test');
     // Directly test scanParseServerOptions with nested option set
-    Deprecator.scanParseServerOptions({ databaseOptions: { allowPublicExplain: true } });
+    Deprecator.scanParseServerOptions({ databaseOptions: { testOption: true } });
     expect(logSpy).not.toHaveBeenCalled();
   });
 });
diff --git a/spec/ParseQuery.spec.js b/spec/ParseQuery.spec.js
index 0aa173dc65..4dd7eaecea 100644
--- a/spec/ParseQuery.spec.js
+++ b/spec/ParseQuery.spec.js
@@ -5369,7 +5369,7 @@ describe('Parse.Query testing', () => {
     const query = new Parse.Query('_User');
     query.equalTo('objectId', user.id);
     query.explain();
-    const result = await query.find();
+    const result = await query.find({ useMasterKey: true });
     // Validate
     expect(result.executionStats).not.toBeUndefined();
   });
@@ -5533,11 +5533,8 @@ describe('Parse.Query testing', () => {
     );
 
     it_id('c3d4e5f6-a7b8-4c9d-0e1f-2a3b4c5d6e7f')(it_only_db('mongo'))(
-      'explain works with and without master key by default',
+      'explain requires master key by default',
       async () => {
-        const logger = require('../lib/logger').logger;
-        const logSpy = spyOn(logger, 'warn').and.callFake(() => {});
-
         await reconfigureServer({
           databaseAdapter: undefined,
           databaseURI: 'mongodb://localhost:27017/parse',
@@ -5546,21 +5543,20 @@ describe('Parse.Query testing', () => {
           },
         });
 
-        // Verify deprecation warning is logged when allowPublicExplain is not explicitly set
-        expect(logSpy).toHaveBeenCalledWith(
-          jasmine.stringMatching(/DeprecationWarning.*databaseOptions\.allowPublicExplain.*false/)
-        );
-
         const obj = new TestObject({ foo: 'bar' });
         await obj.save();
 
-        // Without master key
+        // Without master key - should fail
         const query = new Parse.Query(TestObject);
         query.explain();
-        const resultWithoutMasterKey = await query.find();
-        expect(resultWithoutMasterKey).toBeDefined();
+        await expectAsync(query.find()).toBeRejectedWith(
+          new Parse.Error(
+            Parse.Error.INVALID_QUERY,
+            'Using the explain query parameter requires the master key'
+          )
+        );
 
-        // With master key
+        // With master key - should succeed
         const queryWithMasterKey = new Parse.Query(TestObject);
         queryWithMasterKey.explain();
         const resultWithMasterKey = await queryWithMasterKey.find({ useMasterKey: true });
diff --git a/src/Deprecator/Deprecations.js b/src/Deprecator/Deprecations.js
index a8a9be2e37..c4d03ca763 100644
--- a/src/Deprecator/Deprecations.js
+++ b/src/Deprecator/Deprecations.js
@@ -17,5 +17,4 @@
  */
 module.exports = [
   { optionKey: 'enableInsecureAuthAdapters', changeNewDefault: 'false' },
-  { optionKey: 'databaseOptions.allowPublicExplain', changeNewDefault: 'false' },
 ];
diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js
index 57dd3378b7..2e9bfbfd84 100644
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -1144,7 +1144,7 @@ module.exports.DatabaseOptions = {
     help:
       'Set to `true` to allow `Parse.Query.explain` without master key.<br><br>\u26A0\uFE0F Enabling this option may expose sensitive query performance data to unauthorized users and could potentially be exploited for malicious purposes.',
     action: parsers.booleanParser,
-    default: true,
+    default: false,
   },
   appName: {
     env: 'PARSE_SERVER_DATABASE_APP_NAME',
diff --git a/src/Options/index.js b/src/Options/index.js
index fbfe13b706..761c7049d1 100644
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -751,7 +751,7 @@ export interface DatabaseOptions {
   /* Set to `true` to disable validation of index fields. When disabled, indexes can be created even if the fields do not exist in the schema. This can be useful when creating indexes on fields that will be added later. */
   disableIndexFieldValidation: ?boolean;
   /* Set to `true` to allow `Parse.Query.explain` without master key.<br><br>⚠️ Enabling this option may expose sensitive query performance data to unauthorized users and could potentially be exploited for malicious purposes.
-  :DEFAULT: true */
+  :DEFAULT: false */
   allowPublicExplain: ?boolean;
   /* An array of MongoDB client event configurations to enable logging of specific events. */
   logClientEvents: ?(LogClientEvent[]);
diff --git a/src/rest.js b/src/rest.js
index 66763715ea..60ae4bd425 100644
--- a/src/rest.js
+++ b/src/rest.js
@@ -37,7 +37,7 @@ async function runFindTriggers(
   const { isGet } = options;
 
   if (restOptions && restOptions.explain && !auth.isMaster) {
-    const allowPublicExplain = config.databaseOptions?.allowPublicExplain ?? true;
+    const allowPublicExplain = config.databaseOptions?.allowPublicExplain ?? false;
 
     if (!allowPublicExplain) {
       throw new Parse.Error(