CVE-2025-61949 is a stored cross-site scripting (XSS) vulnerability identified in LogStare Collector (for Windows) versions 2.4.1 and earlier. The vulnerability resides in the UserManagement module, where user-supplied information is insufficiently sanitized before being stored and later rendered in the web-based management interface. When an attacker crafts malicious user information containing executable script code and stores it in the system, any administrator or user who logs into the management page and views this data will have the script executed in their browser context. This can lead to unauthorized actions such as session hijacking, credential theft, or manipulation of the management interface. The vulnerability requires the attacker to have privileges to input user data (authenticated access) and the victim to interact by logging into the management console. The CVSS 3.0 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) indicates network attack vector, low attack complexity, privileges required, user interaction required, scope changed, and low impact on confidentiality and integrity, with no impact on availability. No public exploits have been reported to date, but the vulnerability poses a risk in environments where multiple administrators access the system. The vulnerability highlights the importance of input validation and output encoding in web applications, especially in administrative interfaces managing critical infrastructure components like log collectors.

For European organizations, this vulnerability could lead to unauthorized script execution within the management interface of LogStare Collector, potentially compromising administrative sessions and allowing attackers to perform unauthorized actions such as modifying configurations or exfiltrating sensitive log data. This can undermine the integrity and confidentiality of log management processes, which are critical for security monitoring and compliance. Organizations in sectors such as finance, energy, telecommunications, and government, which rely heavily on centralized log collection and analysis, may face increased risk. The need for authenticated access and user interaction limits the attack surface but does not eliminate risk, especially in environments with multiple administrators or where credential compromise is possible. Additionally, the vulnerability could be leveraged as part of a broader attack chain to escalate privileges or move laterally within a network. Failure to address this vulnerability could result in regulatory non-compliance, reputational damage, and operational disruptions.

European organizations should immediately verify if they are running LogStare Collector versions 2.4.1 or earlier and plan to upgrade to a patched version once available. In the absence of a patch, organizations should implement strict input validation and output encoding controls on the UserManagement interface to prevent injection of malicious scripts. Restrict administrative access to the management interface using network segmentation, VPNs, or IP whitelisting to reduce exposure. Enforce strong authentication mechanisms and monitor administrative login activities for anomalies. Educate administrators about the risks of XSS and the importance of cautious handling of user data inputs. Employ web application firewalls (WAFs) with rules targeting XSS payloads to provide an additional layer of defense. Regularly audit user accounts and remove unnecessary privileges to minimize the number of users who can input data into the UserManagement system. Finally, implement comprehensive logging and alerting to detect potential exploitation attempts early.