CVE-2025-15561

CVE-2025-15561: Local Privilege Escalation in NesterSoft WorkTime

Vendor Nestersoft Inc.

Product WorkTime (on-prem/cloud)

Weakness CWE-269

Published February 19, 2026

Last update February 23, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The executable will then be run by the WorkTime monitoring daemon.

Key dates

02Disclosure timeline

February 19, 2026 CVE published

February 23, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-15561

Related vulnerabilities

CVE-2025-15561: Local Privilege Escalation in NesterSoft WorkTime

01Description

02Disclosure timeline

03References

04Related CVE