Critical Vulnerability Found in JumpCloud Remote Assist on Windows, Allowing SYSTEM-Level Takeover


530/68 Wednesday, December 17, 2025

Security researchers have warned of a serious vulnerability in JumpCloud Remote Assist for Windows, tracked as CVE-2025-34352 with a CVSS score of 8.5. The flaw allows a low-privileged local user to escalate privileges to SYSTEM, enabling full compromise of the affected endpoint. The issue stems from insecure handling of temporary files during the application’s update or uninstallation process.

The attack scenario involves tricking the software into operating on what it believes are legitimate temporary files, which are in fact redirected to critical Windows system files. As a result, an attacker can execute malicious commands with elevated privileges, gain full control of the system, or modify and delete system files—potentially causing Blue Screen of Death (BSOD) errors and rendering the system unusable.

JumpCloud has released a fix for this vulnerability in Remote Assist version 0.317.0. Organizations and administrators using the affected software are strongly advised to verify their installations and upgrade to the latest version immediately to mitigate the risk of exploitation.
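To verify an installation as advised above, the following added example (not JumpCloud's own tooling) checks a Windows endpoint for a Remote Assist build older than 0.317.0. It assumes the installer registers under the standard Windows Uninstall registry keys with a display name containing "JumpCloud Remote Assist"; adjust `$NamePattern` if your deployment uses a different name.

```powershell
# Added example: flag JumpCloud Remote Assist installs older than the fixed release.
$FixedVersion = [version]'0.317.0'           # fixed release named in the advisory
$NamePattern  = '*JumpCloud Remote Assist*'  # assumption: DisplayName written by the installer

# Standard per-machine (64/32-bit) and per-user uninstall registrations.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-FullVersion {
    # Pad missing components with 0 so '0.317' and '0.317.0.0' compare as equal to '0.317.0'.
    param([string]$Text)
    $v = $null
    if (-not [version]::TryParse($Text, [ref]$v)) { return $null }
    [version]::new($v.Major, $v.Minor, [math]::Max($v.Build, 0), [math]::Max($v.Revision, 0))
}

function Get-RemoteAssistStatus {
    $fixed = ConvertTo-FullVersion $FixedVersion.ToString()
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        ForEach-Object {
            $installed = ConvertTo-FullVersion ([string]$_.DisplayVersion)
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                # An unparseable version is reported, not silently treated as safe.
                Status   = if ($null -eq $installed) { 'UNKNOWN' }
                           elseif ($installed -lt $fixed) { 'VULNERABLE' }
                           else { 'FIXED' }
            }
        }
}

$result = @(Get-RemoteAssistStatus)
if ($result.Count -eq 0) {
    Write-Output 'No matching Remote Assist registration found on this host.'
} else {
    $result | Format-Table -AutoSize
    # Non-zero exit lets RMM or scheduled-task wrappers flag the host for follow-up.
    if ($result.Status -contains 'VULNERABLE' -or $result.Status -contains 'UNKNOWN') { exit 1 }
}
```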

Source: https://www.securityweek.com/jumpcloud-remote-assist-vulnerability-can-expose-systems-to-takeover/