CVE-2025-10549

Name of the Vulnerable Software and Affected Versions EfficientLab Controlio versions prior to 1.3.95

Description Weak folder permissions in the installation directory allow a local attacker to place a specially crafted DLL in the directory. This can lead to arbitrary code execution with the highest privileges because the affected service runs as NT AUTHORITYSYSTEM. DLL hijacking is a technique where an application is tricked into loading a malicious DLL instead of the intended one.

Recommendations Update to version 1.3.95 or later.