CVE-2025-10540

Name of the Vulnerable Software and Affected Versions iMonitor EAM version 9.6394

Description The software transmits communication between the EAM client agent and the EAM server, and between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information, such as credentials, keylogger data, and personally identifiable information, and tamper with traffic. This allows for unauthorized disclosure and modification of data, including the potential to issue arbitrary commands to client agents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.