AI description
CVE-2025-20298 is a vulnerability found in Splunk Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9. The vulnerability stems from incorrect permission assignments during the installation or upgrade process. This results in non-administrator users being able to access the Universal Forwarder installation directory, which is by default located at C:\Program Files\SplunkUniversalForwarder. This access could lead to unauthorized modification of executable files or configurations, potential replacement of service binaries resulting in arbitrary code execution with elevated privileges, and exposure or tampering of sensitive log data.
- Description: In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
- Source: psirt@cisco.com
- NVD status: Analyzed
- Products: universal_forwarder
CVSS 3.1
- Type: Primary
- Base score: 8
- Impact score: 5.9
- Exploitability score: 2.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- psirt@cisco.com: CWE-732
- Hype score: Not currently trending
#CVE-2025-20298 affecting many #splunk universal forwarders: Your #LPE companion is back https://t.co/tIHNCwVYm3
@kmkz_security
17 Nov 2025
Splunk vulnerability CVE-2025-20298 fixed: incorrect permission assignment for a critical resource https://t.co/CcmulG6SPa Splunk Universal Forwarder for Windows
@iototsecnews
16 Jun 2025
🛡️ Critical flaw in Splunk Universal Forwarder for Windows (CVE-2025-20298) allows non-admins to access sensitive install files due to misconfigured permissions 🚨 Affects versions <9.4.2 Details: https://t.co/Ns7wyYGC37 #Splunk #CVE202520298 #Infosec https://t.co/9N
@threatsbank
3 Jun 2025
CVE-2025-20298 Splunk Universal Forwarder on Windows Permissions Vulnerability Below Specified Versions https://t.co/oDczOrhzZD
@VulmonFeeds
2 Jun 2025
CVE-2025-20298 In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect p… https://t.co/NvfiezaWsZ
@CVEnew
2 Jun 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E99A4B2B-5630-4A90-A427-2A47CACF3722",
            "versionEndExcluding": "9.1.9",
            "versionStartIncluding": "9.1.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29202422-6F36-4A48-896D-85161E9E83C3",
            "versionEndExcluding": "9.2.6",
            "versionStartIncluding": "9.2.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EE92894-D3EB-4240-A994-80BFEB37C575",
            "versionEndExcluding": "9.3.4",
            "versionStartIncluding": "9.3.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE0FC4D9-6049-49D3-97E7-C2F9FC5C0877",
            "versionEndExcluding": "9.4.2",
            "versionStartIncluding": "9.4.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]