Primary

Context

LogStare Collector Uncontrolled Search Path Element Vulnerability in Windows Installer

Vulnerability

A vulnerability allowing arbitrary code execution has been identified in the installer of LogStare Collector for Windows, version 2.4.1 and earlier. This issue arises from an uncontrolled search path element, which can be exploited by directing a user to download a crafted DLL file and execute the installer. The executed code will run with the privileges of the user who invoked the installer.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with the privileges of the user running the installer.

Remediation

Users are advised to update to LogStare Collector version 2.4.2 for Windows.

Added: Nov 21, 2025, 7:17 AM

Updated: Nov 21, 2025, 4:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.4

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.4

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LogStare Collector Uncontrolled Search Path Element Vulnerability in Windows Installer

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating