Unencrypted Data Transmission in WorkExaminer Professional by WorkExaminer
CVE-2025-10641

Currently unrated

Key Information:

Vendor: Efficientlab
Status: Workexaminer Professional
Vendor: CVE Published:; 21 October 2025

🔔 Create Efficientlab Vulnerability Alert

What is CVE-2025-10641?

The WorkExaminer Professional software transmits all data between the monitoring client, console, and server in plaintext. This vulnerability allows unauthorized actors on the same network to intercept sensitive information transmitted over unencrypted connections. Furthermore, it permits potential attackers to modify the data being sent, posing significant risks to data integrity and confidentiality. Both the unencrypted FTP traffic on port 12304 and the lack of encryption in communications on port 12306 exacerbate these risks, leaving users and their data vulnerable.

Affected Version(s)

WorkExaminer Professional <= 4.0.0.52001

References

https://r.sec-consult.com/workexaminer

third-party-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Sep 17, 2025

Credit

Tobias Niemann, SEC Consult Vulnerability Lab

Daniel Hirschberger, SEC Consult Vulnerability Lab

Thorger Jansen, SEC Consult Vulnerability Lab

Marius Renner, SEC Consult Vulnerability Lab

JSON