CVE-2025-10549 PUBLISHED

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.

The vendor provides a patch v1.3.95 which should be installed immediately.

• Tobias Niemann, SEC Consult Vulnerability Lab finder
• Daniel Hirschberger, SEC Consult Vulnerability Lab finder
• Thorger Jansen, SEC Consult Vulnerability Lab finder
• Marius Renner, SEC Consult Vulnerability Lab finder

• https://r.sec-consult.com/controlio
• https://kb.controlio.net/hc/en-us/articles/45777908471185-Client-Update-April-15-2026-ver-1-3-95

• CWE-427 Uncontrolled Search Path Element CWE

• CAPEC-471 Search Order Hijacking