CVE-2025-34352— JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-34352
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory
Source: NVD (National Vulnerability Database)
Vulnerability Description
JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists. A local, low-privileged attacker can pre-create the directory with weak permissions and leverage mount-point or symbolic-link redirection to (a) coerce arbitrary file writes to protected locations, leading to denial of service (e.g., by overwriting sensitive system files), or (b) win a race to redirect DeleteFileW() to attacker-chosen targets, enabling arbitrary file or folder deletion and local privilege escalation to SYSTEM. This issue is fixed in JumpCloud Remote Assist 0.317.0 and affects Windows systems where Remote Assist is installed and managed through the Agent lifecycle.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
创建拥有不安全权限的临时文件
Source: NVD (National Vulnerability Database)
Vulnerability Title
JumpCloud Remote Assist 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
JumpCloud Remote Assist是美国JumpCloud公司的一个远程访问模块。 JumpCloud Remote Assist 0.317.0之前版本存在安全漏洞,该漏洞源于卸载程序执行特权操作时未验证目录信任,可能导致任意文件写入或删除和本地权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| JumpCloud Inc. | Remote Assist | 0 ~ 0.317.0 | - |
II. Public POCs for CVE-2025-34352
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-34352
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-378
- CVE-2026-33572
OpenClaw < 2026.2.17 - Insufficient File Permissions in Sess - CVE-2026-4822
Enter Software Iperius Backup Backup Service temp file - CVE-2025-46685
Dell SupportAssist OS Recovery 安全漏洞 - CVE-2025-46684
Dell SupportAssist OS Recovery 安全漏洞 - CVE-2025-7647
Insecure Temporary File Handling in run-llama/llama_index
V. Comments for CVE-2025-34352
No comments yet