MEDIUM
EfficientLab, LLC
CVE published 2026-04-23
CVE-2025-10549
CVE-2025-10549 documents a DLL hijacking vulnerability in EfficientLab Controlio versions prior to 1.3.95. The root cause is weak folder permissions in the product's installation directory, which allows a local attacker with administrative privileges to place a malicious DLL that the affected service will load. Because the service executes as NT AUTHORITY SYSTEM, successful exploitation results in arbitra [truncated]