CVE-2025-20298 – Splunk Universal Forwarder Windows Privilege Escalation Vulnerability

June 2, 2025

CVE ID : CVE-2025-20298

Published : June 2, 2025, 6:15 p.m. | 1 hour, 9 minutes ago

Description : In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:Program FilesSplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-20297 – Splunk Cross-Site Scripting (XSS)

Next Article CVE-2025-5036 – Autodesk Revit Use-After-Free Vulnerability

Highlights

CVE-2025-5816 – “WooCommerce Pengiriman Plugin Insecure Direct Object Reference”

July 18, 2025

CVE ID : CVE-2025-5816

Published : July 18, 2025, 5:15 a.m. | 59 minutes ago

Description : The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the get_order_detail() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user’s orders.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: Superfluous U’s

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Why browsers throttle JavaScript timers (and what to do about it)

Why browsers throttle JavaScript timers (and what to do about it)

How to create Google Gemini AI component in Total.js Flow

Drupal 11’s AI Features: What They Actually Mean for Your Team

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

CVE-2025-20298 – Splunk Universal Forwarder Windows Privilege Escalation Vulnerability

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

CISA adds Microsoft and Apple vulnerabilities to KEV Catalog

CVE-2025-43201 – Apple Music Classical Credential Disclosure

Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet

CVE-2025-7913 – TOTOLINK T6 MQTT Service Buffer Overflow Vulnerability

CVE-2025-5816 – “WooCommerce Pengiriman Plugin Insecure Direct Object Reference”

Unpatched security hole has left millions of Moonpig customers at risk for 17 months

zing/laravel-scout-opensearch

Speedify VPN macOS Vulnerability Let Attackers Escalate Privilege

CVE-2025-20298 – Splunk Universal Forwarder Windows Privilege Escalation Vulnerability

Related Posts