CVE-2025-10542
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-25

Last updated on: 2025-11-03

Assigner: SEC Consult Vulnerability Lab

Description
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-25
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-25
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10542
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
imonitorsoft eam 9.6394
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

iMonitor EAM 9.6394 includes default administrative credentials that are visible in the management client's connection dialog. If these default credentials are not changed by the administrator, a remote attacker can use them to authenticate to the EAM server. This allows the attacker to gain full control over all monitored agents and data, including the ability to read sensitive telemetry such as keylogger output and to issue arbitrary commands to all connected clients.

Impact Analysis

This vulnerability can allow a remote attacker to take full control of the EAM server and all connected clients. The attacker can access highly sensitive data, including keylogger outputs, and perform arbitrary actions on all monitored agents. This can lead to severe privacy breaches, data theft, unauthorized surveillance, and potential manipulation or disruption of client systems.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to change the default administrative credentials on the iMonitor EAM 9.6394 server to strong, unique passwords. This prevents remote attackers from authenticating using the default credentials and gaining full control over monitored agents and data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10542. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart