CVE-2025-64695

High CVSS: 8.4

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer.

Vendor

Secuavail

Product

Logstare Collector

CWE

CWE-427

Yayın Tarihi

2025-11-21 07:15:55

Güncelleme

2025-12-02 17:45:38

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-427 Logstare Collector HIGH Secuavail 2025

Referanslar

https://jvn.jp/en/jp/JVN77560819/ https://www.logstare.com/vulnerability/2025-001/

Benzer Kayıtlar

Medium

CVE-2025-61949

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information i…

Medium

CVE-2025-62189

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administra…

Medium

CVE-2025-62687

Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted page while logged, unin…

Medium

CVE-2025-64299

LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' passwor…

Medium

CVE-2025-58097

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative u…