CVE-2025-64299_CVE-2025-64299

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes.

Basic Information

ID CVE-2025-64299

Source jpcert

Published Nov 21, 2025 at 06:18

Affected Product

Vendor LogStare Inc.

Product LogStare Collector (for Windows)

Version 2.4.1 and earlier

Affected Versions LogStare Inc. LogStare Collector (for Windows) 2.4.1 and earlier
LogStare Inc. LogStare Collector (for Linux) 2.4.1 and earlier

CWE Classification

CWE-201

References

{
    "lastseen": "",
    "description": "LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes.",
    "published": "2025-11-21T06:18:02.599Z",
    "modified": "2025-11-21T06:18:02.599Z",
    "type": "cve",
    "title": "CVE-2025-64299",
    "source": "jpcert",
    "references": "https://www.logstare.com/vulnerability/2025-001/\nhttps://jvn.jp/en/jp/JVN77560819/",
    "id": "CVE-2025-64299",
    "bulletinFamily": "",
    "cwe": [
        "CWE-201"
    ],
    "cvelist": null,
    "sourceData": "LogStare Inc. LogStare Collector (for Windows) 2.4.1 and earlier\nLogStare Inc. LogStare Collector (for Linux) 2.4.1 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LogStare Collector (for Windows)",
    "version": "2.4.1 and earlier",
    "vendor": "LogStare Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}