Medium severity5.1NVD Advisory· Published Apr 23, 2026· Updated Apr 29, 2026

CVE-2025-10549

Description

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2026/Apr/19nvd
kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95nvd
r.sec-consult.com/controlionvd

News mentions

No linked articles in our index yet.

cvss	0.332
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000