CVE-2025-61949

4.8MEDIUM

Key Information:

Vendor: Logstare Inc.
Status: Logstare Collector (for Windows); Logstare Collector (for Linux)
Vendor: CVE Published:; 21 November 2025

🔔 Create Logstare Inc. Vulnerability Alert

What is CVE-2025-61949?

LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.

Affected Version(s)

LogStare Collector (for Linux) 2.4.1 and earlier

LogStare Collector (for Windows) 2.4.1 and earlier

References

https://www.logstare.com/vulnerability/2025-001/

https://jvn.jp/en/jp/JVN77560819/

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Nov 10, 2025

JSON