CVE-2025-10640
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-10640, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-21

Last updated on: 2025-11-03

Assigner: SEC Consult Vulnerability Lab

Description

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive monitoring data. This includes monitored screenshots and keystrokes of all users. The WorkExaminer Professional console is used for administrative access to the server. Before access to the console is granted administrators must login. Internally, a custom protocol is used to call a respective stored procedure on the MSSQL database. The return value of the call is not validated on the server-side. Instead it is only validated client-side which allows to bypass authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-21
Last Modified
2025-11-03
Generated
2026-07-06
AI Q&A
2025-10-21
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
efficientlab workexaminer_professional *
efficientlab workexaminer_professional 4.0.0.52001

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-602 The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability allows an unauthenticated attacker who can access TCP port 12306 on the WorkExaminer server to bypass the login prompt of the WorkExaminer Professional console. This happens because the server does not perform server-side validation of authentication; instead, it relies on client-side validation of the return value from a stored procedure call to the MSSQL database. As a result, the attacker can gain administrative access without proper authentication.

Impact Analysis

An attacker exploiting this vulnerability can gain administrative access to the WorkExaminer server and all sensitive monitoring data it holds. This includes access to monitored screenshots and keystrokes of all users, potentially leading to severe privacy breaches and unauthorized data exposure.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10640. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart