CVE-2025-15561
Local Privilege Escalation in NesterSoft WorkTime
| CVSS Score | 7.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The executable will then be run by the WorkTime monitoring daemon.
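A defender can confirm whether a host has the weak directory permissions described above. The following PowerShell audit is an added example, not vendor or advisory code; the function name `Get-BroadWriteAce` and the set of groups treated as "broad" are assumptions of this example, while the path and file name come from the description.

```powershell
# Added example: report allow ACEs that let broad groups create or modify
# files in the directory named in the advisory, and on WTWatch.exe if present.
$Path = 'C:\ProgramData\wta\ClientExe'   # path from the advisory text

# Well-known SIDs (assumed "broad" set); SIDs avoid localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Access bits that allow planting or replacing a file:
# WriteData/CreateFiles 0x2, AppendData 0x4, DeleteChild 0x40, WRITE_DAC 0x40000,
# WRITE_OWNER 0x80000, GENERIC_WRITE 0x40000000, GENERIC_ALL 0x10000000.
$WriteMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$LiteralPath)
    $acl   = Get-Acl -LiteralPath $LiteralPath
    # Ask for SIDs directly, including inherited rules.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid      = $rule.IdentityReference.Value
        $isAllow  = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        $canWrite = ([int]$rule.FileSystemRights -band $WriteMask) -ne 0
        if ($isAllow -and $canWrite -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $LiteralPath
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $Path) {
    # Check the directory itself and an existing WTWatch.exe, if there is one.
    $targets  = @($Path) + @(Get-ChildItem -LiteralPath $Path -Filter 'WTWatch.exe' -File -ErrorAction SilentlyContinue |
                             Select-Object -ExpandProperty FullName)
    $findings = @($targets | ForEach-Object { Get-BroadWriteAce -LiteralPath $_ })
    if ($findings.Count) { $findings | Format-Table -AutoSize }
    else { "No broad write access found on $Path" }
} else {
    "$Path not present on this host"
}
```

Any row in the output means an unprivileged local user can place or replace files in a location the SYSTEM-level daemon executes from.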
| CWE | CWE-269 |
| Vendor | nestersoft inc. |
| Product | worktime (on-prem/cloud) |
| Published | Feb 19, 2026 |
| Last Updated | Feb 23, 2026 |
Affected Versions
NesterSoft Inc. / WorkTime (on-prem/cloud)
<= 11.8.8
Credits
Tobias Niemann, SEC Consult Vulnerability Lab
Daniel Hirschberger, SEC Consult Vulnerability Lab
Thorger Jansen, SEC Consult Vulnerability Lab
Marius Renner, SEC Consult Vulnerability Lab