CVE-2025-10640 (CNNVD-202510-2765)
中文标题:
Work Examiner Professional 安全漏洞
英文标题:
Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional
漏洞描述
中文描述:
Work Examiner Professional是美国Work Examiner公司的一款员工电脑监控软件。 Work Examiner Professional存在安全漏洞,该漏洞源于服务器端缺少身份验证检查,可能导致未经验证的攻击者绕过登录提示并获得管理员权限,从而访问所有敏感监控数据。
英文描述:
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive monitoring data. This includes monitored screenshots and keystrokes of all users. The WorkExaminer Professional console is used for administrative access to the server. Before access to the console is granted administrators must login. Internally, a custom protocol is used to call a respective stored procedure on the MSSQL database. The return value of the call is not validated on the server-side. Instead it is only validated client-side which allows to bypass authentication.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| EfficientLab | WorkExaminer Professional | <= 4.0.0.52001 | - | - |
cpe:2.3:a:efficientlab:workexaminer_professional:<=_4.0.0.52001:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-10640 |
2025-11-11 15:23:02 | 2025-11-11 07:40:04 |
| NVD | nvd_CVE-2025-10640 |
2025-11-11 15:01:06 | 2025-11-11 07:47:55 |
| CNNVD | cnnvd_CNNVD-202510-2765 |
2025-11-11 15:12:30 | 2025-11-11 08:00:18 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202510-2765
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- references_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']