AI description
CVE-2025-20387 affects Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10. A new installation or upgrade to these versions can lead to incorrect permissions being assigned to the "Universal Forwarder for Windows Installation" directory. By default, this directory is located at "C:\Program Files\SplunkUniversalForwarder". This vulnerability allows non-administrator users to access the directory and all its contents. The attack vector is the network, and the attack complexity is low. Exploitation requires user interaction and low privileges.
- Description
- In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- splunk
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-732
- Hype score
- Not currently trending
Splunk Windows版に高リスクの脆弱性(CVE-2025-20386,CVE-2025-20387) EnterpriseとUniversal Forwarderの両方が対象に https://t.co/Fr0MnWJaBZ #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
@securityLab_jp
9 Dec 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Splunk admins: URGENT patch required! CVE-2025-20386 & CVE-2025-20387 allow local privilege escalation to SYSTEM on Windows due to lax file permissions CVSS: 8.0 | Impact: Full SIEM compromise https://t.co/eapppt7jLF #CyberSecurity #Splunk #InfoSec https://t.co/bZKRls4
@nxtgen579255
8 Dec 2025
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Splunk EnterpriseとUniversal ForwarderのWindows版で、インストール時の誤った権限設定により特権昇格につながる深刻な欠陥が判明した(CVE-2025-20386,CVE-2025-20387)。非管理者でも機密ディレクトリへアクセスできる状態と
@yousukezan
5 Dec 2025
2266 Impressions
7 Retweets
21 Likes
9 Bookmarks
0 Replies
1 Quote
CVE-2025-20387 Splunk Universal Forwarder Windows Privilege Escalation via Incorrect Permissions https://t.co/1ILYIEzjdd
@VulmonFeeds
3 Dec 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20387 In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in in… https://t.co/a4KUXGyoMu
@CVEnew
3 Dec 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE8BF109-2B9C-4C50-AC9F-10A45456FD75",
"versionEndExcluding": "9.2.10",
"versionStartIncluding": "9.2.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05D6973D-D965-42D3-8320-AF4A4B424E6C",
"versionEndExcluding": "9.3.8",
"versionStartIncluding": "9.3.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8571F470-6AE1-4737-B1FA-49121E426AF2",
"versionEndExcluding": "9.4.6",
"versionStartIncluding": "9.4.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4413D4BE-F225-4C28-B401-EB46D8F34160",
"versionEndExcluding": "10.0.2",
"versionStartIncluding": "10.0.0"
}
],
"operator": "OR"
}
]
}
]