CVE-2025-15559 | THREATINT

Description

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on the WorkTime server as NT Authority\SYSTEM with the highest privileges. Attackers are able to access or manipulate sensitive data and take over the whole server.

PUBLISHED Reserved 2026-02-04 | Published 2026-02-19 | Updated 2026-02-23 | Assigner SEC-VLab

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unknown

<= 11.8.8

affected

Credits

Tobias Niemann, SEC Consult Vulnerability Lab finder

Daniel Hirschberger, SEC Consult Vulnerability Lab finder

Thorger Jansen, SEC Consult Vulnerability Lab finder

Marius Renner, SEC Consult Vulnerability Lab finder

References

r.sec-consult.com/worktime third-party-advisory

cve.org (CVE-2025-15559)

nvd.nist.gov (CVE-2025-15559)

Download JSON