CVE-2025-10542 · CRITICAL 9.8 · EPSS p46.5%

CVE-2025-10542

Description

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.66% probability of exploitation · percentile 46.5% · 2026-06-18T12:00:27Z
Published: 2025-09-25
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-1392

References

  1. https://r.sec-consult.com/imonitor
  2. http://seclists.org/fulldisclosure/2025/Sep/72
  3. https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-imonitorsoft-eam/

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Weakness | Use of Default Credentials (cwe-1392) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-1393
  2. CVE-2025-56447
  3. CVE-2025-55109
  4. CVE-2026-5786
  5. CVE-2025-8310
  6. CVE-2026-22054

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.