A critical security vulnerability affecting the JumpCloud Remote Assist for Windows agent has been identified, exposing managed endpoints to local privilege escalation and denial-of-service (DoS) attacks.
The flaw, tracked as CVE-2025-34352, affects all versions of the agent released before 0.317.0 and stems from unsafe file operations performed during uninstallation.
The issue, discovered by cybersecurity researchers at XM Cyber, allows any low-privileged local user to manipulate file write and delete operations performed by the agent, which runs with NT AUTHORITY\SYSTEM privileges.
By abusing predictable file names and user-writable directories, an attacker can gain full control of a Windows system or render it unusable.
Why the Risk Is Significant
The vulnerability was uncovered during analysis of the JumpCloud agent's uninstallation workflow.
When the primary agent is removed, it automatically triggers the removal of the Remote Assist component. This secondary uninstaller performs several file operations inside the Windows %TEMP% directory, a location fully controlled by standard users.
Because the uninstaller deletes, writes and executes files from this directory while running as SYSTEM, it becomes vulnerable to link-following attacks. Symbolic links and mount points can redirect these privileged operations toward protected system areas.
JumpCloud is a cloud-based identity and device management platform used by more than 180,000 organizations across 160 countries. Its Windows agent is deployed widely and operates with the highest system privileges to enforce policies and manage devices.
Successful exploitation of this flaw gives an attacker persistent SYSTEM-level access to the endpoint.
In one scenario observed by XM Cyber, arbitrary file writes corrupted critical Windows drivers, resulting in repeated blue screen crashes. In another, attackers could delete protected system directories and leverage standard Windows Installer behavior to obtain a SYSTEM shell.
Disclosure and Mitigation
The issue was responsibly disclosed to JumpCloud, which validated the findings and released a patched version of the Remote Assist agent. Organizations running affected versions are advised to update immediately.
A JumpCloud spokesperson told Infosecurity, “JumpCloud was aware of a security vulnerability (CVE-2025-34352) discovered and patched in an older version of JumpCloud’s Remote Assist Agent (RAA). Ensuring our customers’ environments are secure is our highest priority, so JumpCloud automatically upgraded all customers’ RAA versions to 0.319.0 in late October.”
Following the upgrade, JumpCloud performed a comprehensive audit and confirmed all customer environments had the patch applied.
The XM Cyber research also highlights a broader security lesson for enterprises: privileged agents should avoid interacting with user-writable paths unless access controls are explicitly hardened.
Even long-known weaknesses in installer logic can provide a direct path to full system compromise when embedded in widely deployed management software.
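The check below is an added example, not code from JumpCloud or XM Cyber: a PowerShell audit that a packaging or endpoint team can run against any directory a SYSTEM-level installer or uninstaller is about to use. The function name `Test-PrivilegedWorkDir` and the choice of trusted principals (SYSTEM, Administrators, TrustedInstaller) are assumptions made for illustration.

```powershell
# Added example (hypothetical helper): reports why a directory is unsafe
# as a working location for a process running as NT AUTHORITY\SYSTEM.
function Test-PrivilegedWorkDir {
    param([Parameter(Mandatory)][string]$Path)

    # Assumption: only these principals may hold write access.
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )
    $R = [System.Security.AccessControl.FileSystemRights]
    $writeMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
        $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor $R::TakeOwnership)
    $findings = @()

    $item = Get-Item -LiteralPath $Path -Force
    if (-not $item.PSIsContainer) { throw "Not a directory: $Path" }

    # 1. A symbolic link or mount point anywhere in the path can redirect
    #    privileged file operations to another location.
    for ($d = $item; $null -ne $d; $d = $d.Parent) {
        if ($d.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
            $findings += "Reparse point in path: $($d.FullName)"
        }
    }

    # 2. Any other principal with write or delete rights on the directory
    #    can plant or swap entries before the privileged process acts on them.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band $inheritOnly) { continue }  # does not apply to this object
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            $findings += "Writable by $($ace.IdentityReference.Value): $($ace.FileSystemRights)"
        }
    }

    [pscustomobject]@{
        Path     = $item.FullName
        Safe     = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Usage: Test-PrivilegedWorkDir -Path $env:TEMP
```

A clean result only describes the moment of the check; a privileged process should still create its own working directory with a restrictive ACL rather than reuse a shared one.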











