CVE-2025-10640
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-11-03
Assigner: SEC Consult Vulnerability Lab
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| efficientlab | workexaminer_professional | * |
| efficientlab | workexaminer_professional | 4.0.0.52001 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-602 | The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated attacker who can access TCP port 12306 on the WorkExaminer server to bypass the login prompt of the WorkExaminer Professional console. This happens because the server does not perform server-side validation of authentication; instead, it relies on client-side validation of the return value from a stored procedure call to the MSSQL database. As a result, the attacker can gain administrative access without proper authentication.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain administrative access to the WorkExaminer server and all sensitive monitoring data it holds. This includes access to monitored screenshots and keystrokes of all users, potentially leading to severe privacy breaches and unauthorized data exposure.