JVN#24992507: Multiple vulnerabilities in RemoteView Agent (for Windows)

Overview

RemoteView Agent (for Windows) provided by RSUPPORT Co.,Ltd. contains multiple vulnerabilities.

Products Affected

RemoteView Agent (for Windows) versions prior to v8.1.5.2

Description

RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd.
On the remote PCs should be installed RemoteView Agent.
The following vulnerabilities are reported on RemoteView Agent installation.

Incorrect access permission of a specific service（CWE-276）
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-22447
Incorrect access permission of a specific folder（CWE-276）
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-24864

Impact

By exploiting either vulnerability, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege (CVE-2025-22447, CVE-2025-24864).

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.

Vendor Status

Vendor	Link
RSUPPORT Co.,Ltd.	[Unscheduled Update] RemoteView Update Completed on February 13, 2025 (Text in Japanese)

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Yuya Asato of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2025-22447
	CVE-2025-24864
JVN iPedia	JVNDB-2025-000016

JVN#24992507 Multiple vulnerabilities in RemoteView Agent (for Windows)