CVE-2025-10641
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-21

Last updated on: 2025-11-03

Assigner: SEC Consult Vulnerability Lab

Description
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their data to the server using the unencrypted FTP. Clients connect to the FTP server on port 12304 and transmit the data unencrypted. In addition, all traffic between the console client and the server at port 12306 is unencrypted.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-21
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-10-21
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10641
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
efficientlab workexaminer_professional *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves WorkExaminer Professional transmitting all traffic between its monitoring client, console, and server in plain text without encryption. This means that an attacker who has access to the network can read sensitive data being transmitted and can also modify the data freely while it is in transit. Specifically, monitoring clients send data to the server using unencrypted FTP on port 12304, and all traffic between the console client and server on port 12306 is also unencrypted.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive information because data is transmitted in plain text and can be intercepted by attackers on the network. Additionally, attackers can modify the data in transit, potentially leading to data tampering, misinformation, or unauthorized control over monitoring data. This compromises the confidentiality and integrity of the data exchanged between clients, consoles, and servers.

Detection Guidance

You can detect this vulnerability by monitoring network traffic for unencrypted data transmissions on the specific ports used by WorkExaminer Professional. Specifically, check for unencrypted FTP traffic on port 12304 and unencrypted traffic between the console client and server on port 12306. Commands such as 'tcpdump -i <interface> port 12304 or port 12306' or 'wireshark' filters for these ports can help identify unencrypted data flows.

Mitigation Strategies

Immediate mitigation steps include restricting network access to ports 12304 and 12306 to trusted hosts only, using network segmentation or firewall rules to limit exposure, and avoiding transmitting sensitive data over these unencrypted channels. Additionally, consider using VPNs or other encryption methods to protect data in transit until a secure update or patch is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10641. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart