CVE-2025-62189

5.3MEDIUM

Key Information:

Vendor

Logstare Inc.

Status
Logstare Collector (for Windows)
Logstare Collector (for Linux)
Vendor
CVE Published:
21 November 2025

What is CVE-2025-62189?

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request.

Affected Version(s)

LogStare Collector (for Linux) 2.4.1 and earlier

LogStare Collector (for Windows) 2.4.1 and earlier

References

https://www.logstare.com/vulnerability/2025-001/
https://jvn.jp/en/jp/JVN77560819/

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

CVSS V3.0

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62189 : Authorization Flaw in LogStare Collector Affects User Registration Functionality