CVE-2025-10540

iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information (such as credentials, keylogger data, and personally identifiable information) and tamper with traffic. This allows both unauthorized disclosure and modification of data, including issuing arbitrary commands to client agents.

Published: Sep 25, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-10540
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

No affected software listed.

http://seclists.org/fulldisclosure/2025/Sep/72
https://r.sec-consult.com/imonitor

Vulnerability Database

CVE-2025-10540

Deep Security Visibility Without the Complexity