CVE-2025-64299

Summary

LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes.

Affected Software

VendorProductVersion RangeStatus
LogStare Inc.LogStare Collector (for Windows)2.4.1 and earlieraffected
LogStare Inc.LogStare Collector (for Linux)2.4.1 and earlieraffected

Weaknesses

  • CWE-201: Insertion of sensitive information into sent data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References