CVE-2025-10549

Vulnerability Description

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.

Vulnerability Details

Published Date

April 23, 2026

Last Modified

April 23, 2026

CWE ID

CWE-427

Source

NVD

Vendor

EfficientLab, LLC

Product

Controlio

External References

https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95
https://r.sec-consult.com/controlio

CVE-2025-10549

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment