CVE-2025-26859
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| remoteview | pc_application_console | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an uncontrolled search path element issue (CWE-427) in RemoteView PC Application Console versions prior to 6.0.2. It allows an attacker to execute arbitrary code by placing a specially crafted DLL file in the same folder as the affected software. When the software loads DLLs, it may load the malicious DLL instead of the intended one, leading to potential arbitrary code execution. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to arbitrary code execution on the affected system. This means an attacker could potentially gain control over the system, compromising confidentiality, integrity, and availability of data and services. The CVSS v3.0 score of 7.8 indicates high severity, with impacts on confidentiality, integrity, and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the RemoteView PC Application Console version is prior to 6.0.2 and by inspecting the application directory for any suspicious or crafted DLL files placed alongside the executable. Since the vulnerability involves an uncontrolled search path element allowing arbitrary DLL loading, you can use commands to list DLL files in the application folder and verify their legitimacy. For example, on Windows, use 'dir /b /a *.dll' in the application directory to list DLLs, and use tools like 'sigcheck' or 'Get-AuthenticodeSignature' in PowerShell to verify DLL signatures. Additionally, monitoring for unexpected DLL loads or unusual process behavior can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include ensuring that the RemoteView PC Application Console is updated to version 6.0.2 or later, as the vulnerability is fixed in this version. Since the affected service was discontinued on January 31, 2023, consider uninstalling or disabling the RemoteView PC Application Console if it is still in use. Also, prevent untrusted DLLs from being placed in the application directory by restricting write permissions and monitoring the folder for unauthorized changes. If automatic updates are enabled, verify that they are functioning correctly to apply the fix. [1]