CVE-2025-10542

Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM

CVSS 9.8 CRITICAL | EPSS 0.7% | CWE-1392
In short

iMonitor EAM 9.6394 comes with preset admin login credentials that are easy to find, and if not changed, anyone can log in remotely and take complete control of the system, accessing private data and sending commands to all connected computers.

Technical detail

Insecure default credentials (CWE-1392) in iMonitor EAM 9.6394 allow an unauthenticated remote attacker to log in to the EAM server with administrative access; no network proximity or user interaction is required. Exploitation enables full compromise of all monitored agents, exfiltration of sensitive telemetry including keystroke data, and execution of arbitrary commands across the infrastructure.

Summary generated and translated by AI from the official description.
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
