MEDIUM
Draugiemgroup
CVE published 2026-04-28
CVE-2025-10539
CVE-2025-10539 covers improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674. According to NVD and the referenced SEC Consult advisory, an attacker who can position themselves between the client and the DeskTime update servers may be able to replace an update response with a malicious executable. The practical outcome is user-level remote code execution on affected cl [truncated]