CVE-2025-24864

HIGH

RemoteView Agent <8.1.5.2 - Privilege Escalation

Title source: llm

Description

Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN24992507/

[Various Sources] https://help.rview.com/hc/ja/articles/38287019277843-%E7%B7%8A%E6%80%A5%E3%83%91%E3%83%83%E3%83%81%E4%BD%9C%E6%A5%AD%E3%81%AE%E3%81%94%E6%A1%88%E5%86%85-2025-02-13-%E5%AE%8C%E4%BA%86

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 19.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

RSUPPORT Co.,Ltd./RemoteView Agent (for Windows) prior to v8.1.5.2

Published Mar 06, 2025

Tracked Since Feb 18, 2026