CVE-2025-58097

6.8MEDIUM

Key Information:

Vendor

Logstare Inc.

Status
Logstare Collector (for Windows)
Logstare Collector (for Linux)
Vendor
CVE Published:
21 November 2025

What is CVE-2025-58097?

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.

Affected Version(s)

LogStare Collector (for Linux) 2.4.1 and earlier

LogStare Collector (for Windows) 2.4.1 and earlier

References

https://www.logstare.com/vulnerability/2025-001/
https://jvn.jp/en/jp/JVN77560819/

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

CVSS V3.0

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-58097 : Access Control Vulnerability in LogStare Collector