CVE-2025-10540
published 2025-09-25CVE-2025-10540: iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the…
PriorityP342medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
EPSS
0.12%
2.0th percentile
iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information (such as credentials, keylogger data, and personally identifiable information) and tamper with traffic. This allows both unauthorized disclosure and modification of data, including issuing arbitrary commands to client agents.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| imonitor_software_inc | imonitor_eam | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-25
Published