CVE-2025-58097

7.8 HIGH

📋 TL;DR

LogStare Collector's installation directory has insecure permissions allowing non-admin users to modify files. This enables privilege escalation where attackers can execute arbitrary code with administrative privileges. All LogStare Collector installations with default permissions are affected.

💻 Affected Systems

Products:
  • LogStare Collector
Versions: All versions prior to the fix
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Default installation permissions are vulnerable. Custom installations may also be affected if similar permission issues exist.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via arbitrary code execution with administrative privileges, enabling lateral movement, data theft, and persistence.

🟠 Likely Case

Local privilege escalation leading to administrative control over the LogStare Collector system and potential access to collected log data.

🟢 If Mitigated

Limited impact if proper access controls and monitoring are in place, though privilege escalation risk remains.

🌐 Internet-Facing: LOW (requires local access to the system)
🏢 Internal Only: HIGH (any authenticated local user can exploit this vulnerability)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.logstare.com/vulnerability/2025-001/

Restart Required: Yes

Instructions:

1. Review vendor advisory at provided URL.
2. Download and install the patched version of LogStare Collector.
3. Restart the LogStare Collector service.
4. Verify permissions on installation directory are properly restricted.

🔧 Temporary Workarounds

Restrict Installation Directory Permissions (all platforms)

Manually adjust permissions on LogStare Collector installation directory to restrict write access to administrative users only.

Linux: chmod 755 /opt/logstare-collector
Windows: icacls "C:\Program Files\LogStare Collector" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to LogStare Collector systems
  • Monitor file modification events in the LogStare Collector installation directory

🔍 How to Verify

Check if Vulnerable:

Check if non-administrative users have write permissions to the LogStare Collector installation directory.

Linux: ls -la /opt/logstare-collector
Windows: icacls "C:\Program Files\LogStare Collector"

Check Version:

Linux: /opt/logstare-collector/bin/logstare-collector --version
Windows: Check version in installed programs or run logstare-collector.exe --version

Verify Fix Applied:

Verify that only administrative users have write permissions to the installation directory and that the patched version is installed.
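
The Linux check can be scripted so that it covers every file and subdirectory rather than only the top-level listing. This is an added example, not vendor code or part of the original page: it walks the tree and reports any entry that has a group or other write bit set or is not owned by the expected account. It assumes the `/opt/logstare-collector` path used on this page and an expected owner of `root`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit an installation tree for entries that a
# non-administrative user could modify.
# Assumptions: any group/other write bit, or an owner other than the
# expected account, counts as a finding. Function names are illustrative.

# list_findings DIR [OWNER]
# Prints one path per line for every non-symlink entry under DIR that is
# group-writable, other-writable, or not owned by OWNER (default: root).
list_findings() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Symlinks report mode 777 on Linux regardless of target, so skip them.
    # -perm -MODE is POSIX and matches when all listed bits are set.
    find "$dir" ! -type l \
        \( -perm -0002 -o -perm -0020 -o ! -user "$owner" \) -print
}

# audit_install_dir DIR [OWNER]
# Exit status: 0 = no findings, 1 = findings printed, 2 = scan failed
# (missing directory or parts of the tree could not be read).
audit_install_dir() {
    findings=$(list_findings "$@") || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run `audit_install_dir /opt/logstare-collector` as root after patching or applying the workaround; a permission change made only on the top-level directory leaves writable entries beneath it, and they will still be listed.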

📡 Detection & Monitoring

Log Indicators:

  • File modification events in LogStare Collector installation directory
  • Unexpected privilege escalation events
  • Suspicious process execution from LogStare directory

Network Indicators:

  • Unusual outbound connections from LogStare Collector system

SIEM Query:

(EventID=4663 OR EventID=4656) AND ObjectName LIKE '%LogStare Collector%' AND Accesses='WriteData'
