Home > Vulnerability Database > CVE-2025-10548

Mend.io Vulnerability Database

CVE-2025-10548

Date: September 23, 2025

The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a man-in-the-middle attacker to deliver malicious files that are executed with SYSTEM privileges. This can lead to full remote code execution with administrative rights. No patch is available as the vendor has been unresponsive. It is assumed that previous versions are also affected, but this is not confirmed.

Severity Score

6.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-10548

Url: https://r.sec-consult.com/clevercontrol

Url: https://www.mend.io/vulnerability-database/CVE-2025-10548

Severity Score

6.5

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-10548

Date: September 23, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?