Improper Permissions in Splunk Universal Forwarder for Windows
CVE-2025-20298

8HIGH

Key Information:

Vendor: Splunk
Status: Splunk/universalforwarder For Windows
Vendor: CVE Published:; 2 June 2025

What is CVE-2025-20298?

In affected versions of Splunk Universal Forwarder for Windows, improper permissions can be assigned during installation or upgrade. This vulnerability exposes the installation directory, allowing non-administrator users access to sensitive files. As a result, unauthorized users may potentially manipulate or view critical configuration files, posing a risk to the security of the system and potentially leading to data exposure.

Affected Version(s)

Splunk/UniversalForwarder for Windows 9.4 < 9.4.2

Splunk/UniversalForwarder for Windows 9.3 < 9.3.4

Splunk/UniversalForwarder for Windows 9.2 < 9.2.6

References

https://advisory.splunk.com/advisories/SVD-2025-0602

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2025
Vulnerability Reserved
Oct 10, 2024