Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
CVE-2025-10641: WorkExaminer Professional sends sensitive data unencrypted over the network
CVE-2025-10641
Summary
WorkExaminer Professional transmits sensitive data in plain text, allowing unauthorized network access to intercept and modify it. This could lead to data theft or tampering. To protect sensitive data, consider using encryption or a secure alternative to FTP.
Original title
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitiv...
Original description
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their data to the server using the unencrypted FTP. Clients connect to the FTP server on port 12304 and transmit the data unencrypted. In addition, all traffic between the console client and the server at port 12306 is unencrypted.
nvd CVSS3.1
7.1
Vulnerability type
CWE-319
Cleartext Transmission of Sensitive Information
Published: 21 Oct 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026