AI description
CVE-2025-20387 affects Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10. A new installation or upgrade to these versions can lead to incorrect permissions being assigned to the "Universal Forwarder for Windows Installation" directory. By default, this directory is located at "C:\Program Files\SplunkUniversalForwarder". This vulnerability allows non-administrator users to access the directory and all its contents. The attack vector is the network, and the attack complexity is low. Exploitation requires user interaction and low privileges.
- Description
- In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- splunk
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-732
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
5
Splunk EnterpriseとUniversal ForwarderのWindows版で、インストール時の誤った権限設定により特権昇格につながる深刻な欠陥が判明した(CVE-2025-20386,CVE-2025-20387)。非管理者でも機密ディレクトリへアクセスできる状態と
@yousukezan
5 Dec 2025
2266 Impressions
7 Retweets
21 Likes
9 Bookmarks
0 Replies
1 Quote
CVE-2025-20387 Splunk Universal Forwarder Windows Privilege Escalation via Incorrect Permissions https://t.co/1ILYIEzjdd
@VulmonFeeds
3 Dec 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20387 In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in in… https://t.co/a4KUXGyoMu
@CVEnew
3 Dec 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE8BF109-2B9C-4C50-AC9F-10A45456FD75",
"versionEndExcluding": "9.2.10",
"versionStartIncluding": "9.2.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05D6973D-D965-42D3-8320-AF4A4B424E6C",
"versionEndExcluding": "9.3.8",
"versionStartIncluding": "9.3.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8571F470-6AE1-4737-B1FA-49121E426AF2",
"versionEndExcluding": "9.4.6",
"versionStartIncluding": "9.4.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4413D4BE-F225-4C28-B401-EB46D8F34160",
"versionEndExcluding": "10.0.2",
"versionStartIncluding": "10.0.0"
}
],
"operator": "OR"
}
]
}
]