PT-2025-39390 · Unknown · Imonitor Eam
Published: 2025-09-25 · Updated: 2025-09-25
CVE-2025-10541
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
iMonitor EAM version 9.6394
Description
The iMonitor EAM software version 9.6394 installs a system service, eamusbsrv64.exe, that operates with NT AUTHORITY\SYSTEM privileges. This service contains an insecure update mechanism that automatically loads files located in the C:\sysupdate directory during startup. Any local user can create and write to this directory, allowing an attacker to place malicious DLLs or executables within it. When the service restarts, these files are moved to the application’s installation path and executed with SYSTEM privileges, resulting in privilege escalation.
Recommendations
Ensure the C:\sysupdate directory is properly secured to prevent unauthorized file creation and modification.
Restrict local user access to the C:\sysupdate directory.
Monitor the C:\sysupdate directory for unexpected file creation or modification.
Consider disabling the automatic update mechanism if it is not essential for functionality.
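One way to audit and lock down the staging directory along the lines of the first three recommendations, as an added PowerShell example (not vendor or advisory code). It assumes an elevated prompt; the function name Get-UntrustedWriter and the choice of SYSTEM and Administrators as the only trusted principals are assumptions of the example.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell prompt.
$Path    = 'C:\sysupdate'               # update staging directory named in the advisory
$Trusted = 'S-1-5-18', 'S-1-5-32-544'   # NT AUTHORITY\SYSTEM, BUILTIN\Administrators (assumed trust set)

# Rights that allow planting, replacing or re-permissioning files, plus the
# GENERIC_ALL / GENERIC_WRITE bits that inherited ACEs on C:\ can carry.
$Rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$Mask   = [int]$Rights -bor 0x50000000

function Get-UntrustedWriter {
    # Emits one object per untrusted owner or Allow ACE with write-type access.
    param([Parameter(Mandatory)][string]$Dir)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Dir
    $owner   = $acl.GetOwner($sidType).Value
    if ($owner -notin $Trusted) {
        [pscustomobject]@{ Sid = $owner; Rights = 'Owner'; Inherited = $false }
    }
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -notin $Trusted -and
            ([int]$ace.FileSystemRights -band $Mask)) {
            [pscustomobject]@{ Sid       = $ace.IdentityReference.Value
                               Rights    = $ace.FileSystemRights
                               Inherited = $ace.IsInherited }
        }
    }
}

if (Test-Path -LiteralPath $Path) {
    # The directory may already hold planted files: flag them for review, do not trust them.
    Get-ChildItem -LiteralPath $Path -Force -Recurse |
        ForEach-Object { Write-Warning "Existing item, review before trusting: $($_.FullName)" }
    Get-UntrustedWriter -Dir $Path      # state before hardening
} else {
    # Pre-create it so an unprivileged user cannot create it with an ACL of their own.
    New-Item -ItemType Directory -Path $Path | Out-Null
}

# Owner = Administrators, inheritance blocked, Full Control for SYSTEM and Administrators only.
$acl = Get-Acl -LiteralPath $Path
$acl.SetSecurityDescriptorSddlForm('O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)')
Set-Acl -LiteralPath $Path -AclObject $acl

# Verify: no output means no untrusted principal can write to the directory itself.
Get-UntrustedWriter -Dir $Path
```

SYSTEM keeps Full Control, so the service account's own access to the directory is unchanged; whether the product's update flow depends on other accounts writing there is not stated on this page.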
Exploit
Fix
LPE
Incorrect Permission
Affected Products
Imonitor Eam