CVE-2025-24864

Published: Mar 6, 2025Modified: Mar 6, 2025

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: vultures@jpcert.or.jp (Secondary)

Description

Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://help.rview.com/hc/ja/articles/38287019277843-%E7%B7%8A%E6%80%A5%E3%83%91%E3%83%83%E3%83%81%E4%BD%9C%E6%A5%AD%E3%81%AE%E3%81%94%E6%A1%88%E5%86%85-2025-02-13-%E5%AE%8C%E4%BA%86

Source: vultures@jpcert.or.jp

https://jvn.jp/en/jp/JVN24992507/

Source: vultures@jpcert.or.jp

Timeline

No history available yet.