CVE-2025-34352
中文标题:
(暂无数据)
英文标题:
JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory
漏洞描述
中文描述:
(暂无数据)
英文描述:
JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists. A local, low-privileged attacker can pre-create the directory with weak permissions and leverage mount-point or symbolic-link redirection to (a) coerce arbitrary file writes to protected locations, leading to denial of service (e.g., by overwriting sensitive system files), or (b) win a race to redirect DeleteFileW() to attacker-chosen targets, enabling arbitrary file or folder deletion and local privilege escalation to SYSTEM. This issue is fixed in JumpCloud Remote Assist 0.317.0 and affects Windows systems where Remote Assist is installed and managed through the Agent lifecycle.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| JumpCloud Inc. | Remote Assist | - | < 0.317.0 | - |
cpe:2.3:a:jumpcloud_inc.:remote_assist:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-34352 |
2025-12-03 03:24:29 | 2026-01-12 02:11:32 |
| NVD | nvd_CVE-2025-34352 |
2025-12-05 03:00:03 | 2026-01-12 02:27:39 |
版本与语言
安全公告
变更历史
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']