EfficientLab Controlio EUVD-2025-209559

CVE-2025-10549 (MEDIUM)
Uncontrolled Search Path Element (CWE-427)
2026-04-23 SEC-VLab GHSA-hhv5-qpmh-pc66
CVSS 3.1 base score: 5.1

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: None

Lifecycle Timeline (3 events)

Analysis Generated: Apr 23, 2026 - 15:43 (vuln.today)
CVSS changed: Apr 23, 2026 - 15:43 (NVD), from 5.1 (None) to 5.1 (MEDIUM)
Patch available: Apr 23, 2026 - 09:01 (EUVD)

Description (NVD)

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.

Analysis (AI)

DLL hijacking in EfficientLab Controlio before v1.3.95 allows local attackers with high privileges to achieve arbitrary code execution by placing a specially crafted DLL in the installation directory, leveraging weak folder permissions and the service's NT AUTHORITY\SYSTEM execution context. Real-world risk is constrained by the high privilege requirement (PR:H) and local-only attack vector; EPSS score of 0.01% and CISA SSVC framework marking exploitation as 'none' and technical impact as 'partial' indicate low current exploitation likelihood despite the RCE tag.

Technical Context (AI)

EfficientLab Controlio is a client control and monitoring application that installs a Windows service running under NT AUTHORITY\SYSTEM. The vulnerability stems from CWE-427 (uncontrolled search path element), where the installation directory has weak discretionary access control lists (DACLs) permitting high-privilege local users to write arbitrary files. When Controlio's service or elevated processes load DLLs from the installation directory without full-path validation, an attacker-supplied DLL can be executed with SYSTEM privileges. This is a classic privilege escalation and code execution vector on Windows systems where installation folders are world-writable or group-writable.

Remediation (AI)

Vendor-released patch: Upgrade EfficientLab Controlio to version 1.3.95 or later, which addresses the weak folder permissions in the installation directory. Users should refer to the vendor knowledge base (https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95) for step-by-step upgrade instructions. As a temporary compensating control on systems where immediate patching is not feasible, restrict write permissions on the Controlio installation directory (typically C:\Program Files\Controlio or similar) to administrators and the SYSTEM account only, removing any group or user write ACLs. This mitigation requires administrative access and should be tested in a non-production environment first to ensure the service can still function correctly; improper permission changes may break the application's ability to update or load required libraries.
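The weak-DACL precondition described under Technical Context and the compensating control described under Remediation, as an added PowerShell example (this is not vuln.today's, NVD's or the vendor's code). The script lists every ACE on the installation directory that grants write-class rights to a principal other than Administrators, SYSTEM or TrustedInstaller, and with -Harden rewrites the DACL so that only Administrators and SYSTEM can write. The default path is a placeholder (the advisory only says "typically C:\Program Files\Controlio or similar"), and the read-and-execute rule for BUILTIN\Users is an assumption made so interactive users can still launch the client; both should be checked against the real deployment, and the advisory's advice to test on a non-production system first still applies.

```powershell
<#
Audit-ControlioDirAcl.ps1 -- example added to this write-up; not vuln.today, NVD or vendor code.
Finds ACEs on a service installation directory that grant write-class rights to principals
other than Administrators, SYSTEM and TrustedInstaller (the weak-DACL precondition for the
CWE-427 DLL hijack described above). With -Harden it applies the advisory's compensating
control: only Administrators and SYSTEM may write, and inheritance is disabled so parent
ACEs cannot reintroduce write access. Run from an elevated PowerShell session.
#>
[CmdletBinding()]
param(
    # Placeholder: the advisory says "typically C:\Program Files\Controlio or similar".
    [string]$InstallDir = 'C:\Program Files\Controlio',
    [switch]$Harden
)

$trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'NT SERVICE\TrustedInstaller')

# Specific rights that let a principal create, replace, rename or delete a DLL in the
# directory, or change the DACL/owner and grant themselves those rights later.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership, Modify, Write, FullControl'
# Generic rights sometimes appear on inherited ACEs (e.g. CREATOR OWNER) instead of specific ones.
$genericWriteMask = 0x40000000 -bor 0x10000000    # GENERIC_WRITE | GENERIC_ALL

function Get-RiskyAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $acl.Access | Where-Object {
        $rights = [int]$_.FileSystemRights
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ((($rights -band $writeMask) -ne 0) -or (($rights -band $genericWriteMask) -ne 0))
    }
}

function Set-HardenedAcl {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent and discard the inherited ACEs instead of copying them.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRuleAll($ace)
    }
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    foreach ($principal in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
            $principal, 'FullControl', $inherit, $propagate, 'Allow'))
    }
    # Assumption: the client binaries must stay readable and executable for interactive users.
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        'BUILTIN\Users', 'ReadAndExecute', $inherit, $propagate, 'Allow'))
    Set-Acl -LiteralPath $Path -AclObject $acl
}

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    throw "Installation directory not found: $InstallDir"
}

$risky = @(Get-RiskyAce -Path $InstallDir)
if ($risky.Count -eq 0) {
    Write-Host "OK: no write-class rights for untrusted principals on $InstallDir"
    return
}

Write-Warning "$($risky.Count) ACE(s) give untrusted principals write-class rights on $InstallDir"
$risky | Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize | Out-String | Write-Host

if ($Harden) {
    Set-HardenedAcl -Path $InstallDir
    $remaining = @(Get-RiskyAce -Path $InstallDir).Count
    Write-Host "DACL rewritten; risky ACEs remaining: $remaining"
}
```

Run it without -Harden first (`.\Audit-ControlioDirAcl.ps1 -InstallDir 'C:\Program Files\Controlio'`) to see which principals currently hold write-class rights; a finding for Users, Authenticated Users or Everyone is the condition the advisory describes. The -Harden switch is deliberately opt-in, and after applying it the Controlio service should be restarted and exercised to confirm it can still load its libraries and update itself, since the advisory notes that overly tight permissions can break those functions.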


EUVD-2025-209559 vulnerability details – vuln.today
