Efficientlab Workexaminer Professional vulnerabilities
3 known vulnerabilities affecting efficientlab/workexaminer_professional.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2025-10640P2CRITICALCVSS 9.8≤ 4.0.0.520012025-10-21
CVE-2025-10640 [CRITICAL] CWE-602 CVE-2025-10640: An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit mis
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive monitoring data. This includes monitored screenshots and
nvd
CVE-2025-10639P2HIGHCVSS 8.8≤ 4.0.0.520012025-10-21
CVE-2025-10639 [HIGH] CWE-798 CVE-2025-10639: The WorkExaminer Professional server installation comes with an FTP server that is used to receive t
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code execution as NT Authority\SYSTEM on the server by exchan
nvd
CVE-2025-10641P3HIGHCVSS 7.1≤ 4.0.0.520012025-10-21
CVE-2025-10641 [HIGH] CWE-319 CVE-2025-10641: All WorkExaminer Professional traffic between monitoring client, console and server is transmitted a
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their data to the server using the unencrypted FTP. Clients
nvd