
CVE-2025-58097: Incorrect default permissions in LogStare Inc. LogStare Collector (for Windows)

Severity: Medium
Published: Fri Nov 21 2025 (11/21/2025, 06:17:50 UTC)
Source: CVE Database V5
Vendor/Project: LogStare Inc.
Product: LogStare Collector (for Windows)

Description

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.

AI-Powered Analysis

Last updated: 11/28/2025, 07:49:20 UTC

Technical Analysis

CVE-2025-58097 is a vulnerability identified in LogStare Collector for Windows, versions 2.4.1 and earlier, stemming from incorrect default access permissions on the software's installation directory. This misconfiguration permits any non-administrative user with local access to manipulate files within the installation directory. Because the application runs with administrative privileges, such manipulation can lead to arbitrary code execution at the elevated privilege level. The vulnerability does not require user interaction but does require the attacker to have some level of local access (low privileges). The CVSS v3.0 score is 5.5 (medium severity), reflecting the local attack vector, low complexity, required privileges, and the impact on integrity without affecting confidentiality or availability. The vulnerability is significant because it enables privilege escalation, potentially allowing an attacker to gain full control over the affected system. No public exploits have been reported yet, but the risk remains for insider threats or attackers who have gained limited access. The root cause is improper default ACLs (Access Control Lists) on the installation directory, which should ideally restrict write permissions to administrators only. This vulnerability highlights the importance of secure default configurations in software installations, especially for security-related tools like log collectors that often run with elevated privileges.

Potential Impact

For European organizations, this vulnerability poses a risk of local privilege escalation on Windows systems running LogStare Collector. Successful exploitation could allow attackers or malicious insiders to execute arbitrary code with administrative privileges, potentially leading to full system compromise. This could undermine the integrity of log data collection and monitoring, critical for security operations and compliance. The impact is particularly concerning for sectors with stringent regulatory requirements such as finance, healthcare, and critical infrastructure, where log integrity is essential for forensic investigations and audit trails. Additionally, compromised administrative privileges could facilitate lateral movement within networks, increasing the risk of broader organizational impact. Although exploitation requires local access, the widespread use of Windows endpoints and the presence of internal threat actors or malware that gains initial foothold elevate the risk. The absence of known exploits in the wild reduces immediate urgency but does not eliminate the threat, especially as attackers often reverse-engineer disclosed vulnerabilities to develop exploits.

Mitigation Recommendations

1. Immediately review and restrict permissions on the LogStare Collector installation directory to ensure only administrators have write access. Use Windows ACL tools (e.g., icacls) to enforce strict permissions.
2. Monitor the installation directory for unauthorized file modifications using file integrity monitoring solutions.
3. Apply vendor patches or updates as soon as they become available to address the default permission misconfiguration.
4. Limit local user accounts with access to systems running LogStare Collector, enforcing the principle of least privilege.
5. Employ endpoint detection and response (EDR) tools to detect suspicious activities indicative of privilege escalation attempts.
6. Conduct regular audits of installed software permissions and configurations, especially for security-related tools running with elevated privileges.
7. Educate system administrators and security teams about this vulnerability to ensure timely response and remediation.
8. Consider isolating systems running LogStare Collector to reduce the risk of lateral movement if compromised.
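To verify recommendation 1 before and after applying it, the following PowerShell audit is an added example, not part of this record or of the vendor's tooling. The installation path is a placeholder because the record does not state it, and the list of principals expected to hold write access is an assumption based on a standard Program Files layout.

```powershell
# Added example: report ACEs that grant write-type rights on a service's install
# directory to principals other than the expected administrative ones, the
# condition described for CVE-2025-58097. $InstallDir is a PLACEHOLDER; the
# advisory does not give the real path.
param(
    [string]$InstallDir = 'C:\PLACEHOLDER\LogStare Collector'
)

# Assumption: principals normally allowed to write under a Program Files tree.
# CREATOR OWNER is an inherit-only placeholder SID, not a grant to any user.
$trusted = @(
    'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'
)

# Any of these rights lets a caller replace or plant files in the directory.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Get-WeakWriteAces {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Audit the directory itself and everything below it; a writable binary or
# config file is as relevant as a writable folder.
$targets  = @(Get-Item -LiteralPath $InstallDir) +
            @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force)
$findings = @($targets | ForEach-Object { Get-WeakWriteAces -Path $_.FullName })

if ($findings.Count -eq 0) {
    "OK: no non-administrative write access under $InstallDir"
} else {
    $findings | Format-Table -AutoSize
    # Remediation per recommendation 1 (run as administrator, then re-audit):
    # icacls "$InstallDir" /inheritance:r /grant:r "Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F" "Users:(OI)(CI)RX"
}
```

Findings with `Inherited = True` point at the parent directory's ACL rather than the install directory itself, which is why the icacls line removes inheritance before re-granting rights.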


Technical Details

Data Version
5.2
Assigner Short Name
jpcert
Date Reserved
2025-11-10T08:14:05.964Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 6920092a04dd2c5f9994c004

Added to database: 11/21/2025, 6:39:38 AM

Last enriched: 11/28/2025, 7:49:20 AM

Last updated: 1/7/2026, 8:51:30 AM

