Inova Logic · Inova Logic Customer Monitor · CVE-2025-25598
Name of the Vulnerable Software and Affected Versions:
Inova Logic CUSTOMER MONITOR (CM) version 3.1.757.1
Description:
The issue is related to incorrect access control in the scheduled tasks console, allowing attackers to escalate privileges by placing a crafted executable into a scheduled task.
Recommendations:
For version 3.1.757.1, consider restricting access to the scheduled tasks console to minimize the risk of exploitation. As a temporary workaround, limit the ability to place executables into scheduled tasks until a fix is available.