CVE-2025-34352
BaseFortify

Publication date: 2025-12-02

Last updated on: 2025-12-04

Assigner: VulnCheck

Description
JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists. A local, low-privileged attacker can pre-create the directory with weak permissions and leverage mount-point or symbolic-link redirection to (a) coerce arbitrary file writes to protected locations, leading to denial of service (e.g., by overwriting sensitive system files), or (b) win a race to redirect DeleteFileW() to attacker-chosen targets, enabling arbitrary file or folder deletion and local privilege escalation to SYSTEM. This issue is fixed in JumpCloud Remote Assist 0.317.0 and affects Windows systems where Remote Assist is installed and managed through the Agent lifecycle.
Meta Information
Published: 2025-12-02
Last Modified: 2025-12-04
Generated: 2026-05-07
AI Q&A: 2025-12-02
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
jumpcloud | remote_assist | 0.317.0
CWE ID | Description
CWE-378 | Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in JumpCloud Remote Assist for Windows versions prior to 0.317.0. The uninstaller, which runs with SYSTEM privileges during agent uninstall or update, performs privileged file operations in a user-writable temporary directory without validating its trustworthiness or resetting permissions. A local low-privileged attacker can exploit this by pre-creating the directory with weak permissions and using mount-point or symbolic-link redirection to cause arbitrary file writes or deletions in protected locations. This can lead to denial of service or local privilege escalation to SYSTEM.


How can this vulnerability impact me?

This vulnerability can impact you by allowing a local attacker with low privileges to overwrite or delete sensitive system files, causing denial of service or escalating their privileges to SYSTEM level. This can compromise system integrity, availability, and security, potentially allowing the attacker to gain full control over the affected system.


What immediate steps should I take to mitigate this vulnerability?

Upgrade JumpCloud Remote Assist for Windows to version 0.317.0 or later, as this version includes the fix for the vulnerability. Additionally, to prevent exploitation, ensure that the %TEMP% directory the Remote Assist uninstaller operates on does not carry untrusted or weak permissions when the uninstaller runs.
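
The check the description says was missing (confirming a pre-existing directory is trusted before privileged code uses it) can be sketched as a defender-side audit. This is an added example, not JumpCloud's code or fix; the function name Test-TrustedDirectory and the path in the usage comment are hypothetical, since this page does not name the directory.

```powershell
# Added example: audit a directory that a SYSTEM-level process will operate on.
# Flags the two preconditions from the description: link/mount-point redirection
# (CWE-59) and a pre-created directory with weak ownership or ACLs (CWE-378).
function Test-TrustedDirectory {
    param([Parameter(Mandatory)][string]$Path)

    $findings = @()
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop

    # Junctions (mount points) and symbolic links both set the ReparsePoint attribute.
    if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        $findings += "reparse point (LinkType: $($item.LinkType))"
    }

    # Principals allowed to own or modify the directory: SYSTEM, BUILTIN\Administrators.
    $trusted = @('S-1-5-18', 'S-1-5-32-544')
    $sidType = [Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Path

    $ownerSid = $acl.GetOwner($sidType).Value
    if ($ownerSid -notin $trusted) {
        $findings += "owner $ownerSid is not SYSTEM or Administrators"
    }

    # Rights that let a principal plant, replace or remove entries, plus the raw
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that can
    # appear unmapped on inherit-only ACEs.
    $named = [Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask  = [int]$named -bor 0x50000000

    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $sid -notin $trusted -and
            (([int]$ace.FileSystemRights -band $mask) -ne 0)) {
            $findings += "$sid is allowed $($ace.FileSystemRights)"
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Usage (placeholder path, replace with the directory under review):
# Test-TrustedDirectory -Path (Join-Path $env:TEMP '<subdirectory-name>')
```

A point-in-time audit like this does not close the race the description mentions; the durable fix is for the privileged code to create the directory itself with a restrictive ACL and refuse to reuse one that already exists.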

