Jumpcloud · Jumpcloud Windows Agent · CVE-2025-34352
**Name of the Vulnerable Software and Affected Versions**
JumpCloud Remote Assist for Windows versions prior to 0.317.0
**Description**
An issue exists in the uninstaller of JumpCloud Remote Assist for Windows, which is executed by the JumpCloud Windows Agent with NT AUTHORITYSYSTEM privileges during update or uninstall operations. The uninstaller performs privileged create, write, execute, and delete actions on predictable files within a user-writable `%TEMP%` subdirectory without validating the directory's trust or resetting its Access Control Lists (ACLs). A local, low-privileged attacker can pre-create this directory with weak permissions and use mount-point or symbolic-link redirection to force arbitrary file writes to protected locations, potentially causing a denial of service by overwriting system files. Additionally, an attacker may redirect the `DeleteFileW()` function to target specific files or folders, enabling arbitrary deletion and local privilege escalation to SYSTEM. This issue potentially affects over 180,000 organizations globally.
**Recommendations**
Update JumpCloud Remote Assist for Windows to version 0.317.0.