CVE-2025-58097_CVE-2025-58097

6.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.

Basic Information

ID CVE-2025-58097

Source jpcert

Published Nov 21, 2025 at 06:17

Affected Product

Vendor LogStare Inc.

Product LogStare Collector (for Windows)

Version 2.4.1 and earlier

Affected Versions LogStare Inc. LogStare Collector (for Windows) 2.4.1 and earlier
LogStare Inc. LogStare Collector (for Linux) 2.4.1 and earlier

CWE Classification

CWE-276

References

{
    "lastseen": "",
    "description": "The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.",
    "published": "2025-11-21T06:17:50.799Z",
    "modified": "2025-11-21T06:17:50.799Z",
    "type": "cve",
    "title": "CVE-2025-58097",
    "source": "jpcert",
    "references": "https://www.logstare.com/vulnerability/2025-001/\nhttps://jvn.jp/en/jp/JVN77560819/",
    "id": "CVE-2025-58097",
    "bulletinFamily": "",
    "cwe": [
        "CWE-276"
    ],
    "cvelist": null,
    "sourceData": "LogStare Inc. LogStare Collector (for Windows) 2.4.1 and earlier\nLogStare Inc. LogStare Collector (for Linux) 2.4.1 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LogStare Collector (for Windows)",
    "version": "2.4.1 and earlier",
    "vendor": "LogStare Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}