Search

Find a vulnerability

Search criteria

    8 vulnerabilities by RSUPPORT Co., Ltd.

    JVNDB-2025-000085

    Vulnerability from jvndb - Published: 2025-10-15 15:55 - Updated:2025-10-15 15:55
    Severity
    Summary
    Multiple RSUPPORT products may insecurely load Dynamic Link Libraries
    Details
    Multiple RSUPPORT products contain multiple vulnerabilities listed below.
    • RemoteView PC Application Console vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26859
    • RemoteCall Remote Support Program (for Operator) vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26860, CVE-2025-26861
    CVE-2025-26859 Eiji James Yoshida reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2025-26860, CVE-2025-26861 Eili Masami reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JPCERT/CC Addendum These vulnerabilities were reported to IPA, and JPCERT/CC started coordination with the developer in 2017. The developer released the fixed versions in 2017. The coordination between JPCERT/CC and the developer completed and this JVN is published in 2025.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000085.html",
      "dc:date": "2025-10-15T15:55+09:00",
      "dcterms:issued": "2025-10-15T15:55+09:00",
      "dcterms:modified": "2025-10-15T15:55+09:00",
      "description": "Multiple RSUPPORT products contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eRemoteView PC Application Console vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26859\u003c/li\u003e\r\n\u003cli\u003eRemoteCall Remote Support Program (for Operator) vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26860, CVE-2025-26861\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2025-26859\r\nEiji James Yoshida reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-26860, CVE-2025-26861\r\nEili Masami reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nJPCERT/CC Addendum\r\nThese vulnerabilities were reported to IPA, and JPCERT/CC started coordination with the developer in 2017.\r\nThe developer released the fixed versions in 2017.\r\nThe coordination between JPCERT/CC and the developer completed and this JVN is published in 2025.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000085.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:rsupport:remotecall",
          "@product": "RemoteCall",
          "@vendor": "RSUPPORT Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:rsupport:remoteview",
          "@product": "RemoteView",
          "@vendor": "RSUPPORT Co., Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000085",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN22713803/index.html",
          "@id": "JVN#22713803",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26859",
          "@id": "CVE-2025-26859",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26860",
          "@id": "CVE-2025-26860",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26861",
          "@id": "CVE-2025-26861",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple RSUPPORT products may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2025-000016

    Vulnerability from jvndb - Published: 2025-03-06 14:27 - Updated:2025-03-10 15:22
    Severity
    Summary
    Multiple vulnerabilities in RemoteView Agent (for Windows)
    Details
    RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. On the remote PCs should be installed RemoteView Agent. The following vulnerabilities are reported on RemoteView Agent installation.
    • Incorrect access permission of a specific service (CWE-276) - CVE-2025-22447
    • Incorrect access permission of a specific folder (CWE-276) - CVE-2025-24864
    Yuya Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000016.html",
      "dc:date": "2025-03-10T15:22+09:00",
      "dcterms:issued": "2025-03-06T14:27+09:00",
      "dcterms:modified": "2025-03-10T15:22+09:00",
      "description": "RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd.\r\nOn the remote PCs should be installed RemoteView Agent.\r\nThe following vulnerabilities are reported on RemoteView Agent installation.\u003cul\u003e\u003cli\u003eIncorrect access permission of a specific service (CWE-276) - CVE-2025-22447\u003c/li\u003e\u003cli\u003eIncorrect access permission of a specific folder (CWE-276) - CVE-2025-24864\u003c/li\u003e\u003c/ul\u003e\r\nYuya Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000016.html",
      "sec:cpe": {
        "#text": "cpe:/a:rsupport:remoteview-agent",
        "@product": "RemoteView Agent",
        "@vendor": "RSUPPORT Co., Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000016",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN24992507/index.html",
          "@id": "JVN#24992507",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-22447",
          "@id": "CVE-2025-22447",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-24864",
          "@id": "CVE-2025-24864",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in RemoteView Agent (for Windows)"
    }

    CVE-2025-26861 (GCVE-0-2025-26861)

    Vulnerability from nvd – Published: 2025-10-15 06:07 – Updated: 2025-10-15 17:15
    VLAI
    Summary
    RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T17:13:16.777475Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T17:15:33.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RemoteCall Remote Support Program (for Operator)",
              "vendor": "RSUPPORT CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T06:07:01.220Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.remotecall.com/en/support/download/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22713803/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26861",
        "datePublished": "2025-10-15T06:07:01.220Z",
        "dateReserved": "2025-02-17T06:50:38.580Z",
        "dateUpdated": "2025-10-15T17:15:33.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26860 (GCVE-0-2025-26860)

    Vulnerability from nvd – Published: 2025-10-15 06:06 – Updated: 2025-10-15 13:17
    VLAI
    Summary
    RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T13:17:24.811309Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T13:17:32.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RemoteCall Remote Support Program (for Operator)",
              "vendor": "RSUPPORT CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 5.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T06:06:41.514Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.remotecall.com/en/support/download/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22713803/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26860",
        "datePublished": "2025-10-15T06:06:41.514Z",
        "dateReserved": "2025-02-17T06:50:38.580Z",
        "dateUpdated": "2025-10-15T13:17:32.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26859 (GCVE-0-2025-26859)

    Vulnerability from nvd – Published: 2025-10-15 06:06 – Updated: 2025-10-15 13:22
    VLAI
    Summary
    RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T13:22:22.411907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T13:22:28.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RemoteView PC Application Console",
              "vendor": "RSUPPORT CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T06:06:04.501Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://help.rview.com/hc/en-us/articles/4420613945875-Notice-of-termination-of-RemoteView-PC-application-console-service"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22713803/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26859",
        "datePublished": "2025-10-15T06:06:04.501Z",
        "dateReserved": "2025-02-17T06:50:38.580Z",
        "dateUpdated": "2025-10-15T13:22:28.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26861 (GCVE-0-2025-26861)

    Vulnerability from cvelistv5 – Published: 2025-10-15 06:07 – Updated: 2025-10-15 17:15
    VLAI
    Summary
    RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T17:13:16.777475Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T17:15:33.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RemoteCall Remote Support Program (for Operator)",
              "vendor": "RSUPPORT CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 5.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T06:07:01.220Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.remotecall.com/en/support/download/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22713803/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26861",
        "datePublished": "2025-10-15T06:07:01.220Z",
        "dateReserved": "2025-02-17T06:50:38.580Z",
        "dateUpdated": "2025-10-15T17:15:33.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26860 (GCVE-0-2025-26860)

    Vulnerability from cvelistv5 – Published: 2025-10-15 06:06 – Updated: 2025-10-15 13:17
    VLAI
    Summary
    RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T13:17:24.811309Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T13:17:32.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RemoteCall Remote Support Program (for Operator)",
              "vendor": "RSUPPORT CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 5.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T06:06:41.514Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.remotecall.com/en/support/download/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22713803/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26860",
        "datePublished": "2025-10-15T06:06:41.514Z",
        "dateReserved": "2025-02-17T06:50:38.580Z",
        "dateUpdated": "2025-10-15T13:17:32.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26859 (GCVE-0-2025-26859)

    Vulnerability from cvelistv5 – Published: 2025-10-15 06:06 – Updated: 2025-10-15 13:22
    VLAI
    Summary
    RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T13:22:22.411907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T13:22:28.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RemoteView PC Application Console",
              "vendor": "RSUPPORT CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 6.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T06:06:04.501Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://help.rview.com/hc/en-us/articles/4420613945875-Notice-of-termination-of-RemoteView-PC-application-console-service"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN22713803/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26859",
        "datePublished": "2025-10-15T06:06:04.501Z",
        "dateReserved": "2025-02-17T06:50:38.580Z",
        "dateUpdated": "2025-10-15T13:22:28.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }