JumpCloud Remote Assist for Windows Agent Flaw Let Attackers Escalate Privilege

JumpCloud Remote Assist for Windows Agent Flaw Let Attackers Escalate Privilege

Posted on By CWS

The JumpCloud Distant Help vulnerability (CVE-2025-34352) exposes Home windows methods to native privilege escalation and denial-of-service assaults. Found by XM Cyber researcher Hillel Pinto, the flaw stems from insecure file operations within the agent’s uninstaller.​

The JumpCloud Distant Help for Home windows agent, variations previous to 0.317.0, runs as NT AUTHORITYSYSTEM and performs file create, write, delete, and execute actions within the user-controlled %TEMP% listing with out correct validation.

This permits low-privileged native attackers to leverage symbolic hyperlinks or mount factors for arbitrary file manipulation. JumpCloud, a cloud listing service utilized by over 180,000 organizations, deploys this agent on managed endpoints to implement insurance policies and help distant entry.​

XM Cyber evaluation reveals the primary JumpCloud agent triggers Distant Help uninstallation throughout its personal elimination course of. The uninstaller checks for recordsdata like Un_A.exe in %TEMP%~nsuA.tmp, deleting present ones earlier than writing and executing new content material.

Attackers can pre-create this listing with weak permissions, redirecting operations by way of hyperlink following (CWE-59) or short-term file points (CWE-378). Reverse engineering, aided by Go binary metadata restoration, traces the trail development from surroundings variables to execution.​

For DoS, attackers create a mount level from %TEMP%~nsuA.tmp to a system listing like RPCControl, then symlink Un_A.exe to overwrite drivers similar to cng.sys, triggering crashes.

Privilege escalation makes use of a TOCTOU race with oplocks on C:Config.Msi, redirecting deletes to allow SYSTEM shell by way of Home windows Installer tips. These primitives grant persistent endpoint management, amplifying dangers in enterprise environments.​

Organizations should improve to JumpCloud Distant Help 0.317.0 or later instantly. Safety groups ought to audit brokers for operations in user-writable paths, implement ACLs on temp directories, and monitor for uninstall triggers. JumpCloud confirmed the problem post-disclosure and launched the repair promptly.​

Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Top 10 Best Fraud Prevention Companies in 2025 Top 10 Best Fraud Prevention Companies in 2025 Cyber Security News
OpenAI Set to Acquire Analytics Platform Statsig in .1 Billion Agreement OpenAI Set to Acquire Analytics Platform Statsig in $1.1 Billion Agreement Cyber Security News
Threat Actors Exploitation Attempts Spikes as an Early Indicator of New Cyber Vulnerabilities Threat Actors Exploitation Attempts Spikes as an Early Indicator of New Cyber Vulnerabilities Cyber Security News
Scattered Lapsus$ Hunters Launched a New Leak Site to Release Data Stolen from Salesforce Instances Scattered Lapsus$ Hunters Launched a New Leak Site to Release Data Stolen from Salesforce Instances Cyber Security News
Threat Actors Weaponizing Windows Scheduled Tasks to Establish Persistence Without Requiring Extra Tools Threat Actors Weaponizing Windows Scheduled Tasks to Establish Persistence Without Requiring Extra Tools Cyber Security News
French Football Federation Reports Data Breach French Football Federation Reports Data Breach Cyber Security News