- Description
- In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@cisco.com
- CWE-732
- Hype score
- Not currently trending
Splunk の脆弱性 CVE-2025-20298 が FIX:重要リソースに対する不適切な権限割当 https://t.co/CcmulG6SPa Splunk Universal Forwarder for Windows
@iototsecnews
16 Jun 2025
75 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Critical flaw in Splunk Universal Forwarder for Windows (CVE-2025-20298) allows non-admins to access sensitive install files due to misconfigured permissions 🚨 Affects versions <9.4.2 Details: https://t.co/Ns7wyYGC37 #Splunk #CVE202520298 #Infosec https://t.co/9N
@threatsbank
3 Jun 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20298 Splunk Universal Forwarder on Windows Permissions Vulnerability Below Specified Versions https://t.co/oDczOrhzZD
@VulmonFeeds
2 Jun 2025
102 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20298 In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect p… https://t.co/NvfiezaWsZ
@CVEnew
2 Jun 2025
197 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes