PT-2025-48748 · Microsoft+1 · Windows+2

Hillel Pinto · Published 2025-12-02 · Updated 2026-04-16 · CVE-2025-34352

CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

JumpCloud Remote Assist for Windows versions prior to 0.317.0

Description

An issue exists in the uninstaller of JumpCloud Remote Assist for Windows, which is executed by the JumpCloud Windows Agent with NT AUTHORITY\SYSTEM privileges during update or uninstall operations. The uninstaller performs privileged create, write, execute, and delete actions on predictable files within a user-writable %TEMP% subdirectory without validating the directory's trust or resetting its Access Control Lists (ACLs). A local, low-privileged attacker can pre-create this directory with weak permissions and use mount-point or symbolic-link redirection to force arbitrary file writes to protected locations, potentially causing a denial of service by overwriting system files. Additionally, an attacker may redirect the DeleteFileW() function to target specific files or folders, enabling arbitrary deletion and local privilege escalation to SYSTEM. This issue potentially affects over 180,000 organizations globally.

Recommendations

Update JumpCloud Remote Assist for Windows to version 0.317.0.
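
An added example, not code from JumpCloud or from this advisory: a PowerShell audit that checks a directory for the conditions the description relies on, namely a redirecting reparse point and an owner or ACL that lets a non-administrative account control its contents. The function name and the `ExampleStagingDir` path are assumptions; the advisory does not name the actual %TEMP% subdirectory.

```powershell
# Added example (not JumpCloud code): audit a directory before privileged use.
function Test-StagingDirectoryTrust {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    $findings = [System.Collections.Generic.List[string]]::new()
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if (-not $item.PSIsContainer) { throw "$Path is not a directory" }

    # 1. A mount point (junction) or symbolic link redirects file operations.
    if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
        $findings.Add("reparse point (LinkType: $($item.LinkType))")
    }

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $trusted = @('S-1-5-18', 'S-1-5-32-544')   # LocalSystem, BUILTIN\Administrators
    $acl = Get-Acl -LiteralPath $Path

    # 2. The owner can rewrite the DACL, so it must be a trusted principal.
    $owner = $acl.GetOwner($sidType).Value
    if ($owner -notin $trusted) { $findings.Add("untrusted owner: $owner") }

    # 3. Allow entries that let any other principal change the directory's contents.
    $risky = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $risky = $risky -bor 0x50000000   # GENERIC_ALL | GENERIC_WRITE in unmapped ACEs
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($sid -in $trusted) { continue }
        if ([int]$ace.FileSystemRights -band $risky) {
            $findings.Add("$sid may modify contents: $($ace.FileSystemRights)")
        }
    }

    [pscustomobject]@{
        Path     = $item.FullName
        Trusted  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Constructed demo: 'ExampleStagingDir' is a placeholder, not the product's directory.
$demo = Join-Path $env:TEMP 'ExampleStagingDir'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Test-StagingDirectoryTrust -Path $demo | Format-List
```

A check made before use can still be raced, so a privileged installer is safer creating its working directory itself with an ACL restricted to SYSTEM and Administrators.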

Fix · DoS · LPE · Link Following

Related Identifiers

CVE-2025-34352

Affected Products

JumpCloud Remote Assist
JumpCloud Windows Agent
Windows