Unencrypted Data Transmission in WorkExaminer Professional by WorkExaminer
CVE-2025-10641

7.1HIGH

Key Information:

Vendor: Efficientlab
Status: Workexaminer Professional
Vendor: CVE Published:; 21 October 2025

🔔 Create Efficientlab Vulnerability Alert

What is CVE-2025-10641?

The WorkExaminer Professional software transmits all data between the monitoring client, console, and server in plaintext. This vulnerability allows unauthorized actors on the same network to intercept sensitive information transmitted over unencrypted connections. Furthermore, it permits potential attackers to modify the data being sent, posing significant risks to data integrity and confidentiality. Both the unencrypted FTP traffic on port 12304 and the lack of encryption in communications on port 12306 exacerbate these risks, leaving users and their data vulnerable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WorkExaminer Professional <= 4.0.0.52001

References

https://r.sec-consult.com/workexaminer

third-party-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Sep 17, 2025

Credit

Tobias Niemann, SEC Consult Vulnerability Lab

Daniel Hirschberger, SEC Consult Vulnerability Lab

Thorger Jansen, SEC Consult Vulnerability Lab

Marius Renner, SEC Consult Vulnerability Lab

JSON

Efficientlab