Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.

Basic Information

ID CVE-2025-10542

Source SEC-VLab

Published Sep 25, 2025 at 14:35

Modified Sep 25, 2025 at 18:24

Affected Product

Vendor iMonitor Software Inc.

Product iMonitor EAM

Version 9.63.94

Affected Versions iMonitor Software Inc. iMonitor EAM 9.63.94

CWE Classification

CWE-1392

References

r.sec-consult.com /imonitor

{
    "lastseen": "",
    "description": "iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client\u2019s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.",
    "published": "2025-09-25T14:35:18.879Z",
    "modified": "2025-09-25T18:24:22.849Z",
    "type": "cve",
    "title": "Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM",
    "source": "SEC-VLab",
    "references": "https://r.sec-consult.com/imonitor",
    "id": "CVE-2025-10542",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1392"
    ],
    "cvelist": null,
    "sourceData": "iMonitor Software Inc. iMonitor EAM 9.63.94",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iMonitor EAM",
    "version": "9.63.94",
    "vendor": "iMonitor Software Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM_CVE-2025-10542