FTP Server Vulnerability in WorkExaminer Professional by WorkExaminer
CVE-2025-10639

8.8HIGH

Key Information:

Vendor: Efficientlab
Status: Workexaminer Professional
Vendor: CVE Published:; 21 October 2025

🔔 Create Efficientlab Vulnerability Alert

What is CVE-2025-10639?

The WorkExaminer Professional server's FTP server, operating on TCP port 12304, is susceptible to exploitation due to weak hardcoded credentials. An unauthorized attacker with network access can log in to the FTP server, compromising sensitive data, log files, and potentially executing arbitrary code with heightened privileges. This critical flaw allows for significant risks, including unauthorized data manipulation and system control, posing severe threats to the integrity of the WorkExaminer installation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WorkExaminer Professional <= 4.0.0.52001

References

https://r.sec-consult.com/workexaminer

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Sep 17, 2025

Credit

Tobias Niemann, SEC Consult Vulnerability Lab

Daniel Hirschberger, SEC Consult Vulnerability Lab

Thorger Jansen, SEC Consult Vulnerability Lab

Marius Renner, SEC Consult Vulnerability Lab

JSON

Efficientlab

What is CVE-2025-10639?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.