Splunk%2FUniversalForwarder%20for%20Windows

Splunk/UniversalForwarder for Windows

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

0Vulnerabilities found

CVE-2025-20298

Assigner-Cisco Systems, Inc.

View Details

Assigner-Cisco Systems, Inc.

CVSS Score-8||HIGH

EPSS-0.04% / 11.66%

7 Day CHG~0.00%

Published-02 Jun, 2025 | 17:14

Updated-04 Aug, 2025 | 18:19

Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade

In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.

Vendor-Splunk LLC (Cisco Systems, Inc.)Microsoft Corporation

Product-universal_forwarder windows Splunk/UniversalForwarder for Windows

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource