FTP Server Vulnerability in WorkExaminer Professional by WorkExaminer
CVE-2025-10639

Currently unrated

Key Information:

Vendor
CVE Published: 21 October 2025

What is CVE-2025-10639?

The FTP server built into the WorkExaminer Professional server listens on TCP port 12304 and is protected only by weak hardcoded credentials. An unauthorized attacker with network access can log in to the FTP server, compromise sensitive data and log files, and potentially execute arbitrary code with elevated privileges. This critical flaw enables unauthorized data manipulation and system control, and it severely threatens the integrity of the WorkExaminer installation.

Affected Version(s)

WorkExaminer Professional <= 4.0.0.52001

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tobias Niemann, SEC Consult Vulnerability Lab
Daniel Hirschberger, SEC Consult Vulnerability Lab
Thorger Jansen, SEC Consult Vulnerability Lab
Marius Renner, SEC Consult Vulnerability Lab