Security Advisory

CVE-2025-15561

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-19 10:53:18
Last updated 2026-02-23 18:26:47
Assigner SEC-VLab
State PUBLISHED

Description

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The executable will then be run by the WorkTime monitoring daemon.
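The following PowerShell audit is an added example, not part of the advisory or the vendor's tooling. It checks whether the directory and WTWatch.exe named above grant write-type rights to broad principals, and reports the binary's owner and signature status. The path is used as given in the advisory; the function name and the list of principals are choices made for this example.

```powershell
# Added example: defensive audit of the directory described in the advisory.
$Dir    = 'C:\ProgramData\wta\ClientExe'   # path as given in the advisory
$Binary = Join-Path $Dir 'WTWatch.exe'

# Well-known SIDs of broad, low-privilege principals (locale independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Rights that allow creating, replacing or re-permissioning files.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear as raw bits.
$GenericMask = 0x50000000

# Hypothetical helper: returns Allow ACEs that give a broad principal write access.
function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $WriteMask) -or ($rights -band $GenericMask)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Dir)) {
    Write-Output "$Dir not found; nothing to audit."
} else {
    $findings = @(Get-BroadWriteAce -Path $Dir)
    if (Test-Path -LiteralPath $Binary) {
        $findings += @(Get-BroadWriteAce -Path $Binary)
        $sig  = Get-AuthenticodeSignature -FilePath $Binary
        $file = Get-Item -LiteralPath $Binary
        [pscustomobject]@{ File = $Binary; Owner = (Get-Acl -LiteralPath $Binary).Owner
            Signature = $sig.Status; Signer = $sig.SignerCertificate.Subject
            LastWrite = $file.LastWriteTime } | Format-List
    }
    if ($findings) { $findings | Format-List } else { Write-Output 'No broad write ACEs found.' }
}
```

Any row returned for the directory means an unprivileged local user can place or replace WTWatch.exe there; an unsigned binary or an unexpected owner on the existing file warrants investigation.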