Splunk Universal Forwarder Incorrect Permission Assignment Vulnerability (CVE-2025-20298)

Critical Vulnerability Information Vulnerability Overview Advisory ID: SVD-2025-0602 CVE ID: CVE-2025-20298 CVSSv3.1 Score: 8.0, High CWE: CWE-732 Description In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation or upgrade to an affected version may result in incorrect permission assignments for the Universal Forwarder installation directory (default: C:\Program Files\SplunkUniversalForwarder). This allows non-administrator users to access the directory and its contents. Solution Upgrade Universal Forwarder for Windows to version 9.4.2, 9.3.4, 9.2.6, 9.1.9, or later. Affected Product Versions Mitigations and Workarounds If upgrading to the fixed version is not possible, run the following command as a Windows system administrator after installing an affected version: This applies to the following scenarios: 1. New installation of an affected version. 2. Upgrade to an affected version. 3. Uninstall and re-install an existing affected version. Severity Splunk rates this vulnerability as 8.0, High, with CVSSv3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Goal Reached Thanks to every supporter — we hit 100%!

Splunk Universal Forwarder Incorrect Permission Assignment Vulnerability (CVE-2025-20298)