Description

iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information (such as credentials, keylogger data, and personally identifiable information) and tamper with traffic. This allows both unauthorized disclosure and modification of data, including issuing arbitrary commands to client agents.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-25 | Updated 2025-09-25 | Assigner SEC-VLab

Problem types

CWE-319 Cleartext Transmission of Sensitive Information

Product status

Default status: unknown

9.63.94: affected

Credits

Marius Renner, SEC Consult Vulnerability Lab (finder)

Daniel Hirschberger, SEC Consult Vulnerability Lab (finder)

Tobias Niemann, SEC Consult Vulnerability Lab (finder)

Thorger Jansen, SEC Consult Vulnerability Lab (finder)

References

r.sec-consult.com/imonitor (third-party-advisory)

cve.org (CVE-2025-10540)

nvd.nist.gov (CVE-2025-10540)
