Vulnerability in Efficientlab Workexaminer Professional
CVE-2025-10639
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP serve…
EPSS: 0.009 (54.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Efficientlab Workexaminer Professional — versions <= 4.0.0.52001
Weakness classification (CWE)
References
- 551230f0-3615-47bd-b7cc-93e92e730bbf (third-party-advisory)
- af854a3a-2127-422b-91ae-364da2661108
Frequently asked questions
- What is CVE-2025-10639?
- CVE-2025-10639 is a high-severity vulnerability in Efficientlab Workexaminer Professional, classified under Use of Hard-coded Credentials. CVSS score: 8.8/10. Published 2025-10-21.
- How severe is CVE-2025-10639?
- High severity. CVSS v3 base score is 8.8 out of 10.