Skip to main content

Controlio

1 CVEs product

Monthly

CVE-2025-10549 MEDIUM PATCH This Month

DLL hijacking in EfficientLab Controlio before v1.3.95 allows local attackers with high privileges to achieve arbitrary code execution by placing a specially crafted DLL in the installation directory, leveraging weak folder permissions and the service's NT AUTHORITY\SYSTEM execution context. Real-world risk is constrained by the high privilege requirement (PR:H) and local-only attack vector; EPSS score of 0.01% and CISA SSVC framework marking exploitation as 'none' and technical impact as 'partial' indicate low current exploitation likelihood despite the RCE tag.

RCE Controlio
NVD VulDB
CVSS 3.1
5.1
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

DLL hijacking in EfficientLab Controlio before v1.3.95 allows local attackers with high privileges to achieve arbitrary code execution by placing a specially crafted DLL in the installation directory, leveraging weak folder permissions and the service's NT AUTHORITY\SYSTEM execution context. Real-world risk is constrained by the high privilege requirement (PR:H) and local-only attack vector; EPSS score of 0.01% and CISA SSVC framework marking exploitation as 'none' and technical impact as 'partial' indicate low current exploitation likelihood despite the RCE tag.

RCE Controlio
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy