Refine your search
1 vulnerability found for RemoteView by RSUPPORT Co., Ltd.
jvndb-2025-000085
Vulnerability from jvndb
Published
2025-10-15 15:55
Modified
2025-10-15 15:55
Severity ?
Summary
Multiple RSUPPORT products may insecurely load Dynamic Link Libraries
Details
Multiple RSUPPORT products contain multiple vulnerabilities listed below.
<ul><li>RemoteView PC Application Console vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26859</li>
<li>RemoteCall Remote Support Program (for Operator) vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26860, CVE-2025-26861</li></ul>
CVE-2025-26859
Eiji James Yoshida reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2025-26860, CVE-2025-26861
Eili Masami reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
JPCERT/CC Addendum
These vulnerabilities were reported to IPA, and JPCERT/CC started coordination with the developer in 2017.
The developer released the fixed versions in 2017.
The coordination between JPCERT/CC and the developer completed and this JVN is published in 2025.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000085.html",
"dc:date": "2025-10-15T15:55+09:00",
"dcterms:issued": "2025-10-15T15:55+09:00",
"dcterms:modified": "2025-10-15T15:55+09:00",
"description": "Multiple RSUPPORT products contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eRemoteView PC Application Console vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26859\u003c/li\u003e\r\n\u003cli\u003eRemoteCall Remote Support Program (for Operator) vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26860, CVE-2025-26861\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2025-26859\r\nEiji James Yoshida reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-26860, CVE-2025-26861\r\nEili Masami reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nJPCERT/CC Addendum\r\nThese vulnerabilities were reported to IPA, and JPCERT/CC started coordination with the developer in 2017.\r\nThe developer released the fixed versions in 2017.\r\nThe coordination between JPCERT/CC and the developer completed and this JVN is published in 2025.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000085.html",
"sec:cpe": [
{
"#text": "cpe:/a:rsupport:remotecall",
"@product": "RemoteCall",
"@vendor": "RSUPPORT Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:rsupport:remoteview",
"@product": "RemoteView",
"@vendor": "RSUPPORT Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000085",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN22713803/index.html",
"@id": "JVN#22713803",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-26859",
"@id": "CVE-2025-26859",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-26860",
"@id": "CVE-2025-26860",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-26861",
"@id": "CVE-2025-26861",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple RSUPPORT products may insecurely load Dynamic Link Libraries"
}