Search
Find a vulnerability
Search criteria
8 vulnerabilities by RSUPPORT CO., LTD.
JVNDB-2025-000085
Vulnerability from jvndb - Published: 2025-10-15 15:55 - Updated:2025-10-15 15:55
Severity
Summary
Multiple RSUPPORT products may insecurely load Dynamic Link Libraries
Details
Multiple RSUPPORT products contain multiple vulnerabilities listed below.
- RemoteView PC Application Console vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26859
- RemoteCall Remote Support Program (for Operator) vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26860, CVE-2025-26861
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000085.html",
"dc:date": "2025-10-15T15:55+09:00",
"dcterms:issued": "2025-10-15T15:55+09:00",
"dcterms:modified": "2025-10-15T15:55+09:00",
"description": "Multiple RSUPPORT products contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eRemoteView PC Application Console vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26859\u003c/li\u003e\r\n\u003cli\u003eRemoteCall Remote Support Program (for Operator) vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26860, CVE-2025-26861\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2025-26859\r\nEiji James Yoshida reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-26860, CVE-2025-26861\r\nEili Masami reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nJPCERT/CC Addendum\r\nThese vulnerabilities were reported to IPA, and JPCERT/CC started coordination with the developer in 2017.\r\nThe developer released the fixed versions in 2017.\r\nThe coordination between JPCERT/CC and the developer completed and this JVN is published in 2025.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000085.html",
"sec:cpe": [
{
"#text": "cpe:/a:rsupport:remotecall",
"@product": "RemoteCall",
"@vendor": "RSUPPORT Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:rsupport:remoteview",
"@product": "RemoteView",
"@vendor": "RSUPPORT Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000085",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN22713803/index.html",
"@id": "JVN#22713803",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-26859",
"@id": "CVE-2025-26859",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-26860",
"@id": "CVE-2025-26860",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-26861",
"@id": "CVE-2025-26861",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple RSUPPORT products may insecurely load Dynamic Link Libraries"
}
JVNDB-2025-000016
Vulnerability from jvndb - Published: 2025-03-06 14:27 - Updated:2025-03-10 15:22
Severity
Summary
Multiple vulnerabilities in RemoteView Agent (for Windows)
Details
RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd.
On the remote PCs should be installed RemoteView Agent.
The following vulnerabilities are reported on RemoteView Agent installation.
- Incorrect access permission of a specific service (CWE-276) - CVE-2025-22447
- Incorrect access permission of a specific folder (CWE-276) - CVE-2025-24864
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000016.html",
"dc:date": "2025-03-10T15:22+09:00",
"dcterms:issued": "2025-03-06T14:27+09:00",
"dcterms:modified": "2025-03-10T15:22+09:00",
"description": "RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd.\r\nOn the remote PCs should be installed RemoteView Agent.\r\nThe following vulnerabilities are reported on RemoteView Agent installation.\u003cul\u003e\u003cli\u003eIncorrect access permission of a specific service (CWE-276) - CVE-2025-22447\u003c/li\u003e\u003cli\u003eIncorrect access permission of a specific folder (CWE-276) - CVE-2025-24864\u003c/li\u003e\u003c/ul\u003e\r\nYuya Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000016.html",
"sec:cpe": {
"#text": "cpe:/a:rsupport:remoteview-agent",
"@product": "RemoteView Agent",
"@vendor": "RSUPPORT Co., Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000016",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN24992507/index.html",
"@id": "JVN#24992507",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-22447",
"@id": "CVE-2025-22447",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-24864",
"@id": "CVE-2025-24864",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in RemoteView Agent (for Windows)"
}
CVE-2025-26861 (GCVE-0-2025-26861)
Vulnerability from nvd – Published: 2025-10-15 06:07 – Updated: 2025-10-15 17:15
VLAI
Summary
RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RSUPPORT CO., LTD. | RemoteCall Remote Support Program (for Operator) |
Affected:
prior to 5.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:13:16.777475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:15:33.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RemoteCall Remote Support Program (for Operator)",
"vendor": "RSUPPORT CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to 5.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T06:07:01.220Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.remotecall.com/en/support/download/"
},
{
"url": "https://jvn.jp/en/jp/JVN22713803/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26861",
"datePublished": "2025-10-15T06:07:01.220Z",
"dateReserved": "2025-02-17T06:50:38.580Z",
"dateUpdated": "2025-10-15T17:15:33.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26860 (GCVE-0-2025-26860)
Vulnerability from nvd – Published: 2025-10-15 06:06 – Updated: 2025-10-15 13:17
VLAI
Summary
RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RSUPPORT CO., LTD. | RemoteCall Remote Support Program (for Operator) |
Affected:
prior to 5.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:17:24.811309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:17:32.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RemoteCall Remote Support Program (for Operator)",
"vendor": "RSUPPORT CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to 5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T06:06:41.514Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.remotecall.com/en/support/download/"
},
{
"url": "https://jvn.jp/en/jp/JVN22713803/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26860",
"datePublished": "2025-10-15T06:06:41.514Z",
"dateReserved": "2025-02-17T06:50:38.580Z",
"dateUpdated": "2025-10-15T13:17:32.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26859 (GCVE-0-2025-26859)
Vulnerability from nvd – Published: 2025-10-15 06:06 – Updated: 2025-10-15 13:22
VLAI
Summary
RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RSUPPORT CO., LTD. | RemoteView PC Application Console |
Affected:
prior to 6.0.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:22:22.411907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:22:28.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RemoteView PC Application Console",
"vendor": "RSUPPORT CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T06:06:04.501Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://help.rview.com/hc/en-us/articles/4420613945875-Notice-of-termination-of-RemoteView-PC-application-console-service"
},
{
"url": "https://jvn.jp/en/jp/JVN22713803/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26859",
"datePublished": "2025-10-15T06:06:04.501Z",
"dateReserved": "2025-02-17T06:50:38.580Z",
"dateUpdated": "2025-10-15T13:22:28.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26861 (GCVE-0-2025-26861)
Vulnerability from cvelistv5 – Published: 2025-10-15 06:07 – Updated: 2025-10-15 17:15
VLAI
Summary
RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RSUPPORT CO., LTD. | RemoteCall Remote Support Program (for Operator) |
Affected:
prior to 5.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:13:16.777475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:15:33.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RemoteCall Remote Support Program (for Operator)",
"vendor": "RSUPPORT CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to 5.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T06:07:01.220Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.remotecall.com/en/support/download/"
},
{
"url": "https://jvn.jp/en/jp/JVN22713803/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26861",
"datePublished": "2025-10-15T06:07:01.220Z",
"dateReserved": "2025-02-17T06:50:38.580Z",
"dateUpdated": "2025-10-15T17:15:33.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26860 (GCVE-0-2025-26860)
Vulnerability from cvelistv5 – Published: 2025-10-15 06:06 – Updated: 2025-10-15 13:17
VLAI
Summary
RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RSUPPORT CO., LTD. | RemoteCall Remote Support Program (for Operator) |
Affected:
prior to 5.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:17:24.811309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:17:32.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RemoteCall Remote Support Program (for Operator)",
"vendor": "RSUPPORT CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to 5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T06:06:41.514Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.remotecall.com/en/support/download/"
},
{
"url": "https://jvn.jp/en/jp/JVN22713803/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26860",
"datePublished": "2025-10-15T06:06:41.514Z",
"dateReserved": "2025-02-17T06:50:38.580Z",
"dateUpdated": "2025-10-15T13:17:32.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26859 (GCVE-0-2025-26859)
Vulnerability from cvelistv5 – Published: 2025-10-15 06:06 – Updated: 2025-10-15 13:22
VLAI
Summary
RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RSUPPORT CO., LTD. | RemoteView PC Application Console |
Affected:
prior to 6.0.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:22:22.411907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:22:28.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RemoteView PC Application Console",
"vendor": "RSUPPORT CO., LTD.",
"versions": [
{
"status": "affected",
"version": "prior to 6.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T06:06:04.501Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://help.rview.com/hc/en-us/articles/4420613945875-Notice-of-termination-of-RemoteView-PC-application-console-service"
},
{
"url": "https://jvn.jp/en/jp/JVN22713803/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26859",
"datePublished": "2025-10-15T06:06:04.501Z",
"dateReserved": "2025-02-17T06:50:38.580Z",
"dateUpdated": "2025-10-15T13:22:28.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}