CVE-2025-58097: Incorrect default permissions in LogStare Inc. LogStare Collector (for Windows)
The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.
AI Analysis
Technical Summary
CVE-2025-58097 is a vulnerability identified in LogStare Collector for Windows versions 2.4.1 and earlier, stemming from incorrect default access permissions on the software's installation directory. The installation directory is configured in such a way that non-administrative users can write or modify files within it. This improper permission setting enables an attacker with limited local privileges to replace or alter executable files or scripts, leading to arbitrary code execution with administrative privileges. The vulnerability does not require user interaction to exploit but does require local access with low privileges. The CVSS v3.0 base score is 5.5 (medium), reflecting the ease of exploitation given local access and the significant impact on integrity, as attackers can escalate privileges and potentially control the system. Confidentiality and availability are not directly impacted. No public exploits have been reported yet, but the vulnerability poses a risk in environments where multiple users have access to the same system or where attackers can gain limited user access. The lack of vendor patches at the time of publication necessitates immediate mitigation through permission hardening and monitoring. This vulnerability is particularly concerning for organizations relying on LogStare Collector for log aggregation and monitoring, as compromise could undermine security monitoring capabilities.
Potential Impact
For European organizations, the vulnerability presents a risk of local privilege escalation, which could lead to full system compromise if exploited. This is especially critical in environments with shared workstations or multi-user systems, common in enterprise and industrial settings. Attackers gaining administrative privileges could manipulate logs, disable security monitoring, or deploy further malware, undermining incident detection and response. The integrity of security monitoring data could be compromised, affecting compliance with regulations such as the GDPR and the NIS Directive. Organizations in sectors like finance, energy, and critical infrastructure that rely on LogStare Collector for centralized log management are at higher risk. Although exploitation requires local access, insider threats or attackers who have gained an initial foothold could leverage this vulnerability to escalate privileges and move laterally within networks.
Mitigation Recommendations
Immediate mitigation should focus on correcting the permissions of the LogStare Collector installation directory to restrict write access exclusively to administrative users. System administrators should audit and harden file system permissions to prevent unauthorized modifications. Implement strict access controls and limit the number of users with local access to systems running LogStare Collector. Employ application whitelisting and integrity monitoring to detect unauthorized changes to installation files. Regularly review user privileges and remove unnecessary local accounts. Monitor logs for suspicious activity indicative of privilege escalation attempts. Once available, apply official patches or updates from LogStare Inc. to address the vulnerability. Additionally, consider isolating systems running LogStare Collector to reduce exposure and applying endpoint protection solutions that can detect and block unauthorized code execution.
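The following PowerShell script is an added example for the permission-hardening step above; it is not code from the advisory, from JPCERT, or from LogStare Inc. It audits the ACL of the installation directory and everything beneath it for write-class rights held by principals other than Administrators and SYSTEM (the condition the CVE describes), and with -Fix resets the directory to Administrators/SYSTEM full control and Users read-and-execute. The installation path, and the choice of Administrators, SYSTEM and Users as the intended principals, are assumptions: check the vendor's documentation for any service account that legitimately needs write access to a data or log subfolder before applying -Fix, and run the script from an elevated session.

```powershell
# Added example (not from the advisory or from LogStare Inc.): audit and, with -Fix,
# harden the ACL of the LogStare Collector installation directory so that only
# Administrators and SYSTEM hold write-class rights. Run elevated.
param(
    # Assumed install location; adjust to the real path on the host.
    [string]$InstallDir = 'C:\Program Files\LogStare Collector',
    [switch]$Fix
)

# Rights that let a principal add, replace, delete or re-permission files. The
# 0x50000000 bits cover GENERIC_WRITE and GENERIC_ALL, which show up on some
# inherited file ACEs instead of the specific rights.
$WriteMask = [int]([System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor 0x50000000

# Principals allowed to hold write rights on a privileged install directory.
$TrustedSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-3-0'        # CREATOR OWNER (template ACE only, never a live identity)
)

function Find-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($TrustedSids -contains $sid) { continue }
        # FileSystemRights is a flags enum; flag any write-class bit.
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Audit the root and every child: executables and scripts in subfolders are
# exactly what a local user could replace, so the root ACL alone is not enough.
$targets = @(Get-Item -LiteralPath $InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force)
$weak = @($targets | ForEach-Object { Find-WeakAce -Path $_.FullName })

if ($weak.Count -eq 0) {
    Write-Host "No write-class ACEs for non-administrative principals under $InstallDir"
} else {
    Write-Host "Write-class ACEs held by non-administrative principals:"
    $weak | Format-Table -AutoSize
}

if ($Fix -and $weak.Count -gt 0) {
    # Rebuild the root ACL: stop inheriting from the parent, drop every existing
    # ACE, then grant Administrators and SYSTEM full control and Users read/execute,
    # all inheritable so the corrected entries propagate downward.
    $acl = Get-Acl -LiteralPath $InstallDir
    $acl.SetAccessRuleProtection($true, $false)   # protected DACL, inherited ACEs discarded
    foreach ($rule in @($acl.Access)) { $acl.RemoveAccessRuleAll($rule) }

    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $grants  = @(
        @{ Sid = 'S-1-5-32-544'; Rights = 'FullControl' },    # Administrators
        @{ Sid = 'S-1-5-18';     Rights = 'FullControl' },    # SYSTEM
        @{ Sid = 'S-1-5-32-545'; Rights = 'ReadAndExecute' }  # Users: run, never modify
    )
    foreach ($g in $grants) {
        $id   = New-Object System.Security.Principal.SecurityIdentifier $g.Sid
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, $g.Rights, $inherit, $prop, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $InstallDir -AclObject $acl

    # Children: re-enable inheritance and strip explicit ACEs so they take the
    # corrected ACL instead of keeping their own, possibly weak, entries.
    Get-ChildItem -LiteralPath $InstallDir -Recurse -Force | ForEach-Object {
        $child = Get-Acl -LiteralPath $_.FullName
        $child.SetAccessRuleProtection($false, $false)
        foreach ($rule in @($child.Access | Where-Object { -not $_.IsInherited })) {
            $child.RemoveAccessRuleAll($rule)
        }
        Set-Acl -LiteralPath $_.FullName -AclObject $child
    }
    Write-Host "ACL on $InstallDir reset; re-run without -Fix to verify."
}
```

Run it first without -Fix and keep the audit output as the integrity-monitoring baseline the recommendations call for; a later run that reports new write-class ACEs for Users, Authenticated Users or Everyone is the change worth alerting on. The same audit loop can be pointed at any privileged install directory, not only this product's.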
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: jpcert
- Date Reserved: 2025-11-10T08:14:05.964Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 6920092a04dd2c5f9994c004
Added to database: 11/21/2025, 6:39:38 AM
Last enriched: 11/21/2025, 6:54:13 AM
Last updated: 11/22/2025, 2:02:32 AM
Views: 5