Imonitor Software Inc Imonitor Eam vulnerabilities
3 known vulnerabilities affecting imonitor_software_inc/imonitor_eam.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-10542P2CRITICALCVSS 9.8v9.63.942025-09-25
CVE-2025-10542 [CRITICAL] CWE-1392 CVE-2025-10542: iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry
nvd
CVE-2025-10541P3HIGHCVSS 7.8v9.63.942025-09-25
CVE-2025-10541 [HIGH] CWE-732 CVE-2025-10541: iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM p
iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or exe
nvd
CVE-2025-10540P3MEDIUMCVSS 6.5v9.63.942025-09-25
CVE-2025-10540 [MEDIUM] CWE-319 CVE-2025-10540: iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well
iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information (such as credentials, keylogger data, and personally identifiable in
nvd