Platform
windows
Component
logstare-collector
Fixed in
2.4.2
CVE-2025-62687 describes a cross-site request forgery (CSRF) vulnerability discovered in LogStare Collector. This flaw allows an attacker to perform unauthorized actions on behalf of an authenticated user if they view a specially crafted page. The vulnerability affects versions of LogStare Collector up to and including 2.4.1, and a patch is available in version 2.4.2.
A successful CSRF attack against LogStare Collector could allow an attacker to perform actions as the logged-in user. This could include modifying configurations, accessing sensitive data, or potentially even escalating privileges depending on the user's role and permissions within the LogStare Collector environment. The attacker would need to trick the user into visiting a malicious webpage, which could be achieved through phishing emails, compromised websites, or other social engineering techniques. The blast radius of this vulnerability is limited to the scope of actions the affected user can perform within LogStare Collector.
CVE-2025-62687 was publicly disclosed on 2025-11-21. There is no indication of active exploitation at this time, and no public proof-of-concept (POC) code has been released. The vulnerability's CVSS score of 6.5 (Medium) suggests a moderate probability of exploitation if a suitable attack vector is developed and widely distributed. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.03% (8th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-62687 is to upgrade LogStare Collector to version 2.4.2 or later, which contains the fix. If immediate upgrading is not possible, consider implementing stricter input validation and output encoding within the application to prevent the injection of malicious URLs. Additionally, implement a Content Security Policy (CSP) to restrict the sources from which the browser can load resources, reducing the attack surface. After upgrading, confirm the fix by attempting to trigger a known CSRF attack vector and verifying that the action is blocked.
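The advisory does not describe LogStare Collector's internals, so as an added illustration (not the product's code) here is the shape of the server-side check a state-changing endpoint needs to defeat the CSRF scenario above: reject unsafe requests whose source origin is not the application's own, and require a per-session synchronizer token. The origin, endpoint and request values are constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Hypothetical deployment origin of the web UI (constructed for this example).
TRUSTED_ORIGIN = "https://collector.example.internal"


def new_session():
    """Issue a per-session synchronizer token, kept server-side in the session."""
    return {"csrf_token": secrets.token_urlsafe(32)}


def source_origin(headers):
    """Derive the request's source origin from Origin, falling back to Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        p = urlparse(referer)
        if p.scheme and p.netloc:
            return f"{p.scheme}://{p.netloc}"
    return None  # neither header present: cannot prove same-origin


def csrf_check(method, headers, form, session):
    """Return (allowed, reason) for an HTTP request handled by a logged-in session.

    Safe methods pass. Unsafe methods (the ones that change configuration) must
    come from the trusted origin AND carry the token bound to this session; a
    page on another site can make the browser send the session cookie, but it
    cannot read the token or spoof the browser-set Origin header.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    if source_origin(headers) != TRUSTED_ORIGIN:
        return False, "origin mismatch"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "bad or missing csrf token"
    return True, "ok"


def forged_request_blocked(session):
    """The post-upgrade verification step: a cross-site POST with no token must be refused."""
    allowed, _ = csrf_check("POST", {"Origin": "https://attacker.example"},
                            {"action": "update_config"}, session)
    return not allowed
```

A request with only the session cookie and no token fails both checks; one with a stale Referer from the trusted site but no token still fails the token check.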
Update LogStare Collector to the latest version available from the vendor. This should include the fix for the CSRF (Cross-Site Request Forgery) vulnerability. Refer to the vendor's website for specific instructions on how to update.
CVE-2025-62687 is a cross-site request forgery (CSRF) vulnerability affecting LogStare Collector versions up to 2.4.1. It allows attackers to perform actions as a logged-in user through crafted web pages.
You are affected if you are using LogStare Collector version 2.4.1 or earlier. Upgrade to version 2.4.2 or later to mitigate the vulnerability.
Upgrade LogStare Collector to version 2.4.2 or later. As a temporary workaround, implement stricter input validation and a Content Security Policy (CSP).
There is currently no evidence of active exploitation of CVE-2025-62687, and no public proof-of-concept code is available.
Refer to the official LogStare Collector security advisory for detailed information and updates regarding CVE-2025-62687.