← Back to CVEs
CVE-2025-15561
HIGH7.8
Description
An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The executable will then be run by the WorkTime monitoring daemon.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published2/19/2026
Last Modified2/26/2026
Sourcenvd
Honeypot Sightings0
Affected Products
nestersoft:worktime
Weaknesses (CWE)
CWE-269
References
https://r.sec-consult.com/worktime(551230f0-3615-47bd-b7cc-93e92e730bbf)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.