CVE-2025-10639

HIGH

WorkExaminer Professional - RCE

Title source: llm

Description

The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code execution as NT Authority\SYSTEM on the server by exchanging accessible service binaries in the WorkExaminer installation directory (e.g. "C:\Program File (x86)\Work Examiner Professional Server").

References (2)

[Various Sources] https://r.sec-consult.com/workexaminer

[Mailing List] http://seclists.org/fulldisclosure/2025/Oct/19

Scores

CVSS v3 8.8

EPSS 0.0042

EPSS Percentile 61.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-798

Status draft

Timeline

Published Oct 21, 2025

Tracked Since Feb 18, 2026