CVE-2025-10549
5.1 MEDIUMEfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory
Published: 2026-04-23 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 5.1 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
- CWE
- CWE-427
Description
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-12003 — To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build...
- CVE-2024-22451 — Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability (6.7 MEDIUM)
- CVE-2024-22447 — Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability (6.7 MEDIUM)
- CVE-2026-5064 — Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow ...
- CVE-2026-50100 — Multiple printer drivers provided by Ricoh Company, Ltd (7.8 HIGH)