CVE-2025-26861
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rsupport | remotecall_remote_support_program | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in RemoteCall Remote Support Program versions prior to 5.3.0. It is an uncontrolled search path element vulnerability, meaning that if a crafted DLL file is placed in the same folder as the affected product, it can be loaded and executed. This can lead to arbitrary code execution by an attacker.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute arbitrary code on the affected system if they can place a malicious DLL in the program's folder. This can lead to full compromise of confidentiality, integrity, and availability of the system, potentially allowing unauthorized access, data theft, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update RemoteCall Remote Support Program (for Operator) to version 5.3.0 or later to eliminate the uncontrolled search path element vulnerability. Avoid placing untrusted DLLs in the same folder as the affected product to prevent arbitrary code execution. [1]