CVE-2025-20298 | THREATINT

Description

In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.

PUBLISHED Reserved 2024-10-10 | Published 2025-06-02 | Updated 2025-06-02 | Assigner cisco

HIGH: 8.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Product status

9.4 (custom) before 9.4.2

affected

9.3 (custom) before 9.3.4

affected

9.2 (custom) before 9.2.6

affected

9.1 (custom) before 9.1.9

affected

References

advisory.splunk.com/advisories/SVD-2025-0602

cve.org (CVE-2025-20298)

nvd.nist.gov (CVE-2025-20298)

Download JSON