CVE-2025-58097

Summary

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.

Affected Software

VendorProductVersion RangeStatus
LogStare Inc.LogStare Collector (for Windows)2.4.1 and earlieraffected
LogStare Inc.LogStare Collector (for Linux)2.4.1 and earlieraffected

Weaknesses

  • CWE-276: Incorrect default permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References