CVE-2025-10549

5.1 MEDIUM

Published: April 23, 2026 Modified: April 29, 2026

Description

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

https://r.sec-consult.com/controlio

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf

http://seclists.org/fulldisclosure/2026/Apr/19

Source: af854a3a-2127-422b-91ae-364da2661108

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

5.1 / 10.0

EPSS (Exploit Probability)

0.0%

0th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-427

Related CVEs

CVE-2026-7779 4.3

CVE-2026-42238 N/A

CVE-2026-42223 6.5

CVE-2026-42222 8.1

CVE-2026-42221 8.1