Back to search
CVE-2025-15561
Published: Feb 19, 2026
Modified: Feb 23, 2026
PUBLISHED
Description
An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The executable will then be run by the WorkTime monitoring daemon.
| Vendor | Product | Versions |
|---|---|---|
NesterSoft Inc. | WorkTime (on-prem/cloud) | affected <= 11.8.8 |
Weaknesses (CWE)
References
https://r.sec-consult.com/worktime
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now