1. Home
  2. CVE Database
  3. CVE-2025-10548
MEDIUM · 6.5

CVE-2025-10548

The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using ...

Vulnerability Description

The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are executed with SYSTEM privileges. This can lead to full remote code execution with administrative rights. No patch is available as the vendor has been unresponsive. It is assumed that previous versions are also affected, but this is not confirmed.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
LOW

Related Weaknesses (CWE)

CWE-295

References

FAQ

What is CVE-2025-10548?

CVE-2025-10548 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using ...

How severe is CVE-2025-10548?

CVE-2025-10548 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-10548?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.