CVE-2024-25091
CRITICALRevoWorks SCVX <scvimage4.10.21_1013 - Code Injection
Title source: llmDescription
Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment.
References (2)
Core 2
Core References
Various Sources
https://jscom.jp/news-20240229/
Third Party Advisory
https://jvn.jp/en/jp/JVN35928117/
Scores
CVSS v3
9.1
EPSS
0.0049
EPSS Percentile
37.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-693
Status
published
Products (2)
J's Communications Co., Ltd./RevoWorks Browser
prior to 2.2.95
J's Communications Co., Ltd./RevoWorks SCVX
prior to scvimage4.10.21_1013
Published
Mar 01, 2024
Tracked Since
Feb 18, 2026