Vulnerability Description
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://r.sec-consult.com/imonitor
- http://seclists.org/fulldisclosure/2025/Sep/72
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-i
FAQ
What is CVE-2025-10542?
CVE-2025-10542 is a vulnerability with a CVSS score of 9.8 (CRITICAL). iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remot...
How severe is CVE-2025-10542?
CVE-2025-10542 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-10542?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.