CleverControl Employee Monitoring Software Vulnerability
CVE-2025-10548

Currently unrated

Key Information:

Vendor: Clevercontrol
Status: Clevercontrol Employee Monitoring Software
Vendor: CVE Published:; 23 September 2025

🔔 Create Clevercontrol Vulnerability Alert

What is CVE-2025-10548?

The CleverControl Employee Monitoring Software, specifically version 11.5.1041.6, experiences a serious vulnerability due to insufficient validation of TLS server certificates during installation. This flaw allows an attacker to exploit the system by utilizing curl.exe with the '--insecure' option, which ignores certificate validation. Consequently, a man-in-the-middle attack could lead to the delivery and execution of malicious files with SYSTEM privileges, granting full administrative control over the affected system. Current assessments suggest that earlier versions may also be vulnerable, though this has not been confirmed. No patch has been issued, as the vendor has not responded to this critical issue.

Affected Version(s)

CleverControl employee monitoring software 11.5.1041.6

References

https://r.sec-consult.com/clevercontrol

third-party-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Sep 16, 2025

Credit

Daniel Hirschberger, SEC Consult Vulnerability Lab

Thorger Jansen, SEC Consult Vulnerability Lab

Tobias Niemann, SEC Consult Vulnerability Lab

Marius Renner, SEC Consult Vulnerability Lab

JSON