CVE-2025-10548
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2025-11-03

Assigner: SEC Consult Vulnerability Lab

Description
The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are executed with SYSTEM privileges. This can lead to full remote code execution with administrative rights. No patch is available as the vendor has been unresponsive. It is assumed that previous versions are also affected, but this is not confirmed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10548
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
clevercontrol employee_monitoring_software 11.5.1041.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in CleverControl employee monitoring software (v11.5.1041.6) occurs because the installer does not validate TLS server certificates when downloading external components. It uses curl.exe with the --insecure option, allowing a man-in-the-middle attacker to intercept and deliver malicious files. These malicious files are then executed with SYSTEM privileges, potentially leading to full remote code execution with administrative rights.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code remotely with SYSTEM-level privileges on the affected system. This means the attacker could take full control of the system, install malware, steal data, or disrupt operations.

Mitigation Strategies

Since no patch is available and the vendor is unresponsive, immediate mitigation steps include: avoiding installation or reinstallation of the affected CleverControl software version (v11.5.1041.6), restricting network access to prevent the installer from downloading external components, and monitoring for any suspicious activity related to curl.exe usage with the --insecure flag. Consider isolating affected systems and using endpoint protection to detect and block malicious executions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart