Home

Description

The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are executed with SYSTEM privileges. This can lead to full remote code execution with administrative rights. No patch is available as the vendor has been unresponsive. It is assumed that previous versions are also affected, but this is not confirmed.

PUBLISHED Reserved 2025-09-16 | Published 2025-09-23 | Updated 2025-11-03 | Assigner SEC-VLab

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status
unknown

11.5.1041.6
affected

Credits

Daniel Hirschberger, SEC Consult Vulnerability Lab finder

Thorger Jansen, SEC Consult Vulnerability Lab finder

Tobias Niemann, SEC Consult Vulnerability Lab finder

Marius Renner, SEC Consult Vulnerability Lab finder

References

seclists.org/fulldisclosure/2025/Sep/71

r.sec-consult.com/clevercontrol third-party-advisory

cve.org (CVE-2025-10548)

nvd.nist.gov (CVE-2025-10548)

Download JSON