CVE-2025-10549

CVE-2025-10549: DLL Hijacking in EfficientLab Controlio Leads to Local Privilege Escalation

Vendor Efficientlab, Llc
Product Controlio
Weakness CWE-427
Published April 23, 2026
Last update April 29, 2026

CVSS base score

What the vulnerability does

01Description

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.

Key dates

02Disclosure timeline

April 23, 2026 CVE published
April 29, 2026 Record updated