CVE-2025-58097

Medium CVSS: 6.8

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.

Vendor

Secuavail

Product

Logstare Collector

CWE

CWE-276

Yayın Tarihi

2025-11-21 07:15:53

Güncelleme

2025-12-05 15:32:48

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-276 Logstare Collector MEDIUM Secuavail 2025

Referanslar

https://jvn.jp/en/jp/JVN77560819/ https://www.logstare.com/vulnerability/2025-001/

Benzer Kayıtlar

High

CVE-2025-64695

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitr…

Medium

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information i…

Medium

CVE-2025-62189

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administra…

Medium

CVE-2025-62687

Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted page while logged, unin…

Medium

CVE-2025-64299

LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' passwor…