Primary

Context

LogStare Collector Incorrect Default Permissions Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in LogStare Collector for Windows and Linux, all versions through 2.4.1, due to incorrect default permissions in the installation directory. This flaw allows non-administrative users to manipulate files within the directory and execute arbitrary code with administrative privileges.

Impact

Exploitation of this vulnerability enables non-administrative users to alter files in the installation directory and execute arbitrary code with administrative rights.

Remediation

Users are advised to update LogStare Collector to version 2.4.2 for both Windows and Linux. Instructions for verifying the current version and updating the software are available on the LogStare KnowledgeStare website.

Added: Nov 21, 2025, 7:20 AM

Updated: Nov 21, 2025, 4:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

3.3

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

3.3

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LogStare Collector Incorrect Default Permissions Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating