Privilege Escalation Risk: Splunk Universal Forwarder on Windows
A high-severity vulnerability has been discovered in Splunk Universal Forwarder (UF) for Windows, exposing enterprise systems to serious risk. Tracked as CVE-2025-20298, the flaw allows non-administrator users to gain unauthorized access to the application's installation directory and its contents. With a CVSS v3.1 score of 8.0, this vulnerability violates fundamental security principles such as least privilege and may lead to log tampering, data exposure, and service disruption.

Overview of the Issue

During new installations or upgrades of Splunk Universal Forwarder on Windows, some affected versions assign overly permissive access controls to the installation directory:

C:\Program Files\SplunkUniversalForwarder

This misconfiguration allows standard (non-admin) users to read and potentially modify the contents of the directory, including configuration files, log data, and binary executables. The issue is categorized under CWE-732: Incorrect Permission Assignment for Critical R...
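
One way to check a host for the permission problem described above, as an added example that is not from Splunk or the original page. It assumes the default installation path quoted in the text and treats the well-known groups Everyone, Authenticated Users and BUILTIN\Users as the "non-administrator users" in question.

```powershell
# Added example (not Splunk's code): list Allow ACEs on the forwarder
# directory that are granted to broad, non-administrative groups.
# Assumption: default install path, as given in the text above.
$Path = 'C:\Program Files\SplunkUniversalForwarder'

# Assumption: these well-known SIDs stand in for "non-administrator users".
# SIDs are used instead of names so the check works on localized Windows.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$SidType = [System.Security.Principal.SecurityIdentifier]

# Bits that allow changing content: specific write/delete/ownership rights
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$Specific = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteBits = $Specific -bor 0x50000000

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "Not installed at $Path"
    return
}

$findings = foreach ($rule in (Get-Acl -LiteralPath $Path).Access) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    try {
        $sid = $rule.IdentityReference.Translate($SidType).Value
    } catch { continue }   # identity cannot be resolved to a SID
    if (-not $BroadSids.ContainsKey($sid)) { continue }
    [pscustomobject]@{
        Principal = $BroadSids[$sid]
        Rights    = $rule.FileSystemRights
        CanWrite  = (([int]$rule.FileSystemRights -band $WriteBits) -ne 0)
        Inherited = $rule.IsInherited
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No ACEs for broad non-admin groups on $Path"
}
```

The script inspects only the ACL on the top-level directory; files and subfolders with their own non-inherited ACEs need a separate recursive pass. Rows with CanWrite set to True are the ones that correspond to the "potentially modify" case in the text.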