216.73.216.133

CVE-2025-10541

· Published 25/09/2025 15:16 · Modified 26/09/2025 14:32

Labels: CVE-2025-10541 2025-09-25551230f0-3615-47bd-b7cc-93e92e730bbfCVE-2025-10541CWE-732

Essential information

Published
25/09/2025 15:16
Modified
26/09/2025 14:32
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or executables in it. Upon service restart, the files are moved to the application’s installation path and executed with SYSTEM privileges, leading to privilege escalation.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD
View on NVD

Affected products (CPE)

ProductCPE
imonitor / eam cpe:2.3:a:imonitor:eam:9.6394:*:*:*:*:*:*:*

References