[Japanese]

JVNDB-2025-000016

Multiple vulnerabilities in RemoteView Agent (for Windows)

Overview

RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd.
On the remote PCs should be installed RemoteView Agent.
The following vulnerabilities are reported on RemoteView Agent installation.
  • Incorrect access permission of a specific service (CWE-276) - CVE-2025-22447
  • Incorrect access permission of a specific folder (CWE-276) - CVE-2025-24864

Yuya Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2025-22447

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2025-24864
Affected Products


RSUPPORT Co., Ltd.
  • RemoteView Agent (for Windows) versions prior to v8.1.5.2

Impact

By exploiting either vulnerability, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege (CVE-2025-22447, CVE-2025-24864).
Solution

[Apply the Patch]
Apply the patch according to the information provided by the developer.
Vendor Information

RSUPPORT Co., Ltd.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2025-22447
  2. CVE-2025-24864
References

  1. JVN : JVN#24992507
Revision History

  • [2025/03/06]
      Web page was published
  • [2025/03/10]
      Affected Products : Product was modified

Date Public2025/03/06
Date First Published2025/03/06
Date Last Updated2025/03/10