PT-2025-39149 · Unknown+1 · Clevercontrol+1

Published: 2025-09-23 · Updated: 2025-09-26 · CVE-2025-10548

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions

CleverControl versions prior to 11.5.1041.6

Description

The software does not validate TLS server certificates during installation. The installer uses curl.exe --insecure to download and execute external components, allowing a man-in-the-middle attacker to deliver malicious files. These files are executed with SYSTEM privileges, potentially leading to full remote code execution with administrative rights.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
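One way to look for the behaviour described above in process-creation telemetry, as an added example that is not part of the original advisory or the vendor's code: it flags command lines that run curl with certificate validation turned off (`--insecure` or its short form `-k`). The event layout, host names, paths and function names are assumptions made for illustration.

```python
import re
import shlex

CURL_RE = re.compile(r"(?:^|[\\/])curl(?:\.exe)?$", re.IGNORECASE)
# Short curl options that consume the rest of the cluster as their value
# (so "-ok" means "-o k", not "-o -k"). Partial list, used as a heuristic.
VALUE_OPTS = set("AbcCdDeEFHKmoPQrtTuUwxXyYz")


def disables_tls_verification(command_line: str) -> bool:
    """Return True if the command line runs curl with -k / --insecure."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keep backslashes
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        tokens = command_line.split()
    tokens = [t.strip('"') for t in tokens]
    # Locate curl anywhere in the line so "cmd.exe /c curl.exe ..." matches.
    start = next((i for i, t in enumerate(tokens) if CURL_RE.search(t)), None)
    if start is None:
        return False
    for arg in tokens[start + 1:]:
        if arg == "--insecure":
            return True
        if arg.startswith("-") and not arg.startswith("--"):
            for ch in arg[1:]:
                if ch == "k":
                    return True
                if ch in VALUE_OPTS:
                    break  # remainder of the token is that option's value
    return False


def find_insecure_downloads(events):
    """Filter process-creation events down to curl runs without TLS checks."""
    return [e for e in events if disables_tls_verification(e["command_line"])]


# Constructed sample events (hosts, paths and users are made up).
SAMPLE_EVENTS = [
    {"user": "NT AUTHORITY\\SYSTEM", "command_line":
     r"curl.exe --insecure -o C:\Windows\Temp\component.exe https://downloads.example.invalid/component.exe"},
    {"user": "NT AUTHORITY\\SYSTEM", "command_line":
     r"cmd.exe /c curl.exe -sk https://downloads.example.invalid/a.exe -o a.exe"},
    {"user": "alice", "command_line":
     r'"C:\Windows\System32\curl.exe" -L -o a.exe https://downloads.example.invalid/a.exe'},
]

if __name__ == "__main__":
    for event in find_insecure_downloads(SAMPLE_EVENTS):
        print(event["user"], "|", event["command_line"])
```

The same check can be pointed at extracted installer scripts, since the flag appears there as plain text.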

RCE

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2025-10548

Affected Products

Clevercontrol, Curl