Description

Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.

Classification

CVE ID: CVE-2025-24864

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: RSUPPORT Co.,Ltd.

Product: RemoteView Agent (for Windows)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.84% (scored less or equal to compared to others)

EPSS Date: 2025-04-04 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24864
https://help.rview.com/hc/ja/articles/38287019277843-%E7%B7%8A%E6%80%A5%E3%83%91%E3%83%83%E3%83%81%E4%BD%9C%E6%A5%AD%E3%81%AE%E3%81%94%E6%A1%88%E5%86%85-2025-02-13-%E5%AE%8C%E4%BA%86
https://jvn.jp/en/jp/JVN24992507/

Timeline