Back to search
CVE-2025-10542
Published: Sep 25, 2025
Modified: Nov 3, 2025
PUBLISHED
Description
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.
| Vendor | Product | Versions |
|---|---|---|
iMonitor Software Inc. | iMonitor EAM | affected 9.63.94 |
Weaknesses (CWE)
References
https://r.sec-consult.com/imonitor
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now