CVE-2025-10639
HIGH
WorkExaminer Professional <= 4.0.0.52001 - Use of Hard-coded Credentials in FTP Server
Title source: llm
Description
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to log in to the FTP server, read or modify data and log files, and gain remote code execution as NT Authority\SYSTEM on the server by replacing accessible service binaries in the WorkExaminer installation directory (e.g. "C:\Program File (x86)\Work Examiner Professional Server").
References (2)
Core References
Mailing List
http://seclists.org/fulldisclosure/2025/Oct/19
Various Sources third-party-advisory
https://r.sec-consult.com/workexaminer
Scores
CVSS v3
8.8
EPSS
0.0082
EPSS Percentile
52.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (1)
EfficientLab/WorkExaminer Professional
<= 4.0.0.52001
Published
Oct 21, 2025
Tracked Since
Feb 18, 2026