CVE-2025-20298HIGH 8.0EPSS p14.1%

CVE-2025-20298CVE-2025-20298

Description

In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.

Scoring

CVSS 3.18.0 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS0.23% probability of exploitation · percentile 14.1% · 2026-06-18T12:00:27Z
Published2025-06-02
Last modified2025-08-04

Underlying weaknesses· 1

CWE-732

References

  1. https://advisory.splunk.com/advisories/SVD-2025-0602

1

TypeTargetConfidenceTier
WeaknessIncorrect Permission Assignment for Critical Resourcecwe-7320%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-20229
CVE
CVE-2025-20371
CVE
CVE-2026-20252
CVE
CVE-2026-20258
CVE
CVE-2025-21292
CVE
CVE-2026-20255
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.