CVE-2025-64299

2.7 LOW

📋 TL;DR

LogStare Collector contains an information disclosure vulnerability where administrative users can access other users' password hashes. This affects all LogStare Collector deployments with administrative user accounts. While password hashes are not plaintext passwords, they could potentially be cracked offline.

💻 Affected Systems

Products:
  • LogStare Collector
Versions: All versions prior to 4.2.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative user privileges to exploit. All deployments with administrative accounts are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrative user with malicious intent could extract all password hashes, crack them offline, and gain unauthorized access to user accounts, potentially leading to privilege escalation or lateral movement.

🟠

Likely Case

Accidental exposure of password hashes to legitimate administrators during normal operations, or targeted extraction by a compromised administrative account.

🟢

If Mitigated

Limited to authorized administrative users only, with strong password policies making hash cracking difficult and proper monitoring detecting unusual access patterns.

🌐 Internet-Facing: LOW - This requires administrative access, which should not be exposed to the internet.
🏢 Internal Only: MEDIUM - Internal administrative users have access to sensitive credential data that could be misused or extracted if their accounts are compromised.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative credentials. The vulnerability is in normal administrative interface functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.1

Vendor Advisory: https://www.logstare.com/vulnerability/2025-001/

Restart Required: Yes

Instructions:

1. Download LogStare Collector version 4.2.1 from the official vendor site.
2. Back up the current configuration.
3. Stop the LogStare Collector service.
4. Install/upgrade to version 4.2.1.
5. Restart the LogStare Collector service.
6. Verify functionality.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative accounts to only essential personnel and implement strict access controls.

Implement Strong Password Policies

all

Enforce complex passwords and regular rotation to make hash cracking more difficult.

🧯 If You Can't Patch

  • Implement multi-factor authentication for all administrative accounts.
  • Monitor administrative user activity for unusual hash access patterns.

🔍 How to Verify

Check if Vulnerable:

Check LogStare Collector version. If version is below 4.2.1, the system is vulnerable.

Check Version:

logstare-collector --version

Verify Fix Applied:

Verify version is 4.2.1 or higher and test that administrative users cannot access other users' password hashes through the interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative user access to user management functions
  • Multiple password hash retrieval attempts

Network Indicators:

  • Unusual API calls to user credential endpoints from administrative accounts

SIEM Query:

source="logstare" AND (event_type="user_management" OR action="password_hash_access") AND user_role="admin"
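The log indicators above turned into a small detector, as an added example rather than LogStare's own tooling; the key=value log line format and the field names beyond those in the SIEM query (ts, user, target) are assumptions, since the page gives no log schema.

```python
"""Flag administrators who read several other users' password hashes in a
short window (the CVE-2025-64299 'multiple retrieval attempts' indicator).
Added example; the key=value line format is a constructed assumption."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real LogStare output). One admin pulls three
# other users' hash records within seconds; another only reads her own.
SAMPLE_LOG = """\
ts=2025-11-10T09:00:01Z source=logstare user=alice user_role=admin event_type=user_management action=list_users
ts=2025-11-10T09:00:05Z source=logstare user=mallory user_role=admin event_type=user_management action=password_hash_access target=bob
ts=2025-11-10T09:00:09Z source=logstare user=mallory user_role=admin event_type=user_management action=password_hash_access target=carol
ts=2025-11-10T09:00:14Z source=logstare user=mallory user_role=admin event_type=user_management action=password_hash_access target=dave
ts=2025-11-10T09:30:00Z source=logstare user=alice user_role=admin event_type=user_management action=password_hash_access target=alice
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn one key=value log line into a dict (assumed format)."""
    return dict(KV.findall(line))


def flag_hash_access(log_text, window=timedelta(minutes=5), threshold=3):
    """Return {admin: [targets]} for admins with >= threshold accesses to
    other users' password hashes inside one sliding window. Reads of the
    admin's own record are ignored, matching the advisory's wording."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse(line)
        if (ev.get("source") == "logstare" and ev.get("user_role") == "admin"
                and ev.get("action") == "password_hash_access"
                and ev.get("target") not in (None, ev.get("user"))):
            ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events[ev["user"]].append((ts, ev["target"]))
    hits = {}
    for admin, evs in events.items():
        evs.sort()  # chronological, so each window starts at evs[i]
        for i, (start, _) in enumerate(evs):
            in_window = [t for ts, t in evs[i:] if ts - start <= window]
            if len(in_window) >= threshold:
                hits[admin] = in_window
                break
    return hits


if __name__ == "__main__":
    print(flag_hash_access(SAMPLE_LOG))  # {'mallory': ['bob', 'carol', 'dave']}
```

Tune `window` and `threshold` to the size of your user base; a single admin legitimately resetting many accounts after onboarding will otherwise trigger it.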

🔗 References
