CVE-2025-20298 — Incorrect Permission Assignment in Universalforwarder FOR Windows

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

8.0HIGHNVD

EPSS

0.2%

top 61.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Universalforwarder FOR Windows Splunk Universal Forwarder

Timeline

PublishedJun 2

Description

In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5splunk/splunk_universalforwarder_for_windows9.4 — 9.4.2+3

▶NVDsplunk/universal_forwarder9.1.0 — 9.1.9+3

🔴Vulnerability Details

CVEList

Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade↗2025-06-02

▶

GHSA

GHSA-4q83-43xw-q63j: In Universal Forwarder for Windows versions below 9↗2025-06-02

▶