Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or executables in it. Upon service restart, the files are moved to the application’s installation path and executed with SYSTEM privileges, leading to privilege escalation.

Basic Information

ID CVE-2025-10541

Source SEC-VLab

Published Sep 25, 2025 at 14:31

Modified Sep 25, 2025 at 18:27

Affected Product

Vendor iMonitor Software Inc.

Product iMonitor EAM

Version 9.63.94

Affected Versions iMonitor Software Inc. iMonitor EAM 9.63.94

CWE Classification

CWE-732

References

r.sec-consult.com /imonitor

{
    "lastseen": "",
    "description": "iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\\sysupdate\\ directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or executables in it. Upon service restart, the files are moved to the application\u2019s installation path and executed with SYSTEM privileges, leading to privilege escalation.",
    "published": "2025-09-25T14:31:32.644Z",
    "modified": "2025-09-25T18:27:39.262Z",
    "type": "cve",
    "title": "Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM",
    "source": "SEC-VLab",
    "references": "https://r.sec-consult.com/imonitor",
    "id": "CVE-2025-10541",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "iMonitor Software Inc. iMonitor EAM 9.63.94",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iMonitor EAM",
    "version": "9.63.94",
    "vendor": "iMonitor Software Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM_CVE-2025-10541