CVE-2025-10548 (CNNVD-202509-3705)
中文标题:
CleverControl 安全漏洞
英文标题:
Missing Certificate Validation in CleverControl Installer Allows Remote Code Execution
漏洞描述
中文描述:
CleverControl是美国CleverControl公司的一款员工电脑监控软件。 CleverControl 11.5.1041.6版本存在安全漏洞,该漏洞源于安装过程中未验证TLS服务器证书,可能导致中间人攻击和远程代码执行。
英文描述:
The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are executed with SYSTEM privileges. This can lead to full remote code execution with administrative rights. No patch is available as the vendor has been unresponsive. It is assumed that previous versions are also affected, but this is not confirmed.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| CleverControl | CleverControl employee monitoring software | 11.5.1041.6 | - | - |
cpe:2.3:a:clevercontrol:clevercontrol_employee_monitoring_software:11.5.1041.6:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-10548 |
2025-11-11 15:23:01 | 2025-11-11 07:40:04 |
| NVD | nvd_CVE-2025-10548 |
2025-11-11 15:01:03 | 2025-11-11 07:47:55 |
| CNNVD | cnnvd_CNNVD-202509-3705 |
2025-11-11 15:12:58 | 2025-11-11 08:00:13 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202509-3705
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- references_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']