CVE-2025-20298

High CVSS: 8.0

In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.

Vendor

Splunk

Product

Universal Forwarder

CWE

CWE-732

Yayın Tarihi

2025-06-02 18:15:23

Güncelleme

2025-08-04 18:19:54

Source Identifier

psirt@cisco.com

KEV Date Added

Kategoriler

CWE-732 Universal Forwarder HIGH Splunk 2025

Referanslar

https://advisory.splunk.com/advisories/SVD-2025-0602

Benzer Kayıtlar

Medium

CVE-2026-20166

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.1…

Medium

CVE-2026-20162

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510…

High

CVE-2026-20163

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.251…

Medium

CVE-2026-20164

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.251…

Medium

CVE-2026-20165

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.251…

Medium

CVE-2026-20144

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and 9.2.11, and Splunk Cloud Platform versions below 1…