CVE-2025-15561

High CVSS: 7.8

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The executable will then be run by the WorkTime monitoring daemon.

Vendor

Nestersoft

Product

Worktime

CWE

CWE-269

Yayın Tarihi

2026-02-19 11:15:56

Güncelleme

2026-02-26 02:58:45

Source Identifier

551230f0-3615-47bd-b7cc-93e92e730bbf

KEV Date Added

Kategoriler

CWE-269 Worktime HIGH Nestersoft 2026

Referanslar

https://r.sec-consult.com/worktime

Benzer Kayıtlar

High

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpo…

Medium

CVE-2025-15562

The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper enco…

Medium

CVE-2025-15563

Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the…

Critical

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server…