CVE-2025-64695

EPSS 0.02%
Veröffentlicht 21.11.2025 06:18:05
Zuletzt bearbeitet 02.12.2025 17:45:38
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Secuavail ≫ Logstare Collector Version < 2.4.2

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
vultures@jpcert.or.jp	8.4	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vultures@jpcert.or.jp	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://www.logstare.com/vulnerability/2025-001/

Vendor Advisory

https://jvn.jp/en/jp/JVN77560819/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-64695

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64695

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64695

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64695