CVE Alert

CVE-2025-10549

UNKNOWN 0.0

DLL Hijacking in EfficientLab Controlio Leads to Local Privilege Escalation

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.

CWE: CWE-427
Vendor: efficientlab, llc
Product: controlio
Published: Apr 23, 2026

Affected Versions

EfficientLab, LLC / Controlio
<1.3.95

References

r.sec-consult.com: https://r.sec-consult.com/controlio
kb.controlio.net: https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95

Credits

Tobias Niemann, SEC Consult Vulnerability Lab
Daniel Hirschberger, SEC Consult Vulnerability Lab
Thorger Jansen, SEC Consult Vulnerability Lab
Marius Renner, SEC Consult Vulnerability Lab