CVE-2025-20387 HIGH

CVE-2025-20387: Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade

Vendor Splunk
Product Splunk Enterprise
Weakness CWE-732
Published December 3, 2025
Last update February 26, 2026

CVSS base score

8.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.

Key dates

02Disclosure timeline

December 3, 2025 CVE published
February 26, 2026 Record updated