CVE-2025-62189
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-12-04
Assigner: JPCERT/CC
Description
Description
LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| secuavail | logstare_collector | to 2.4.2 (exc) |
| linux | linux_kernel | * |
| microsoft | windows | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in LogStare Collector involves incorrect authorization in the UserRegistration functionality. It allows a non-administrative user to create a new user account by sending a specially crafted HTTP request, bypassing normal access controls.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow unauthorized users to create new accounts, potentially leading to unauthorized access or privilege escalation within the system. This could compromise system integrity and security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70