JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover
securityweek
A vulnerability in JumpCloud Remote Assist for Windows could allow attackers to escalate privileges and potentially take over endpoints.
The bug exists because, during uninstall and update operations, the application invokes an uninstaller that performs privileged operations on a directory the user controls.
The flaw, tracked as CVE-2025-34352 (CVSS score of 8.5), can be triggered during the removal or update of the JumpCloud Agent.
“The Remote Assist uninstaller performs privileged create, write, execute, and delete actions on predictable files inside a user-writable %TEMP% subdirectory without validating that the directory is trusted or resetting its ACLs when it already exists,” a NIST advisory reads.
This enables an unprivileged local attacker to pre-create the directory, on which the uninstaller then performs operations with NT AUTHORITY\SYSTEM privileges.
According to XM Cyber, which identified the vulnerability, attackers can rely on symbolic links and mount-point redirections to trick the uninstaller into performing operations ...
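The check the advisory says was missing (is the directory trusted, and is any part of the path a link), sketched as an added PowerShell example that is not JumpCloud's or XM Cyber's code. `Test-TrustedDirectory`, the trusted-SID list and the sample path in the last comment are assumptions made for illustration.

```powershell
# Added example. Test-TrustedDirectory is a hypothetical helper name.
# Emits one string per finding; no output means nothing was flagged.
function Test-TrustedDirectory {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Assumption: only these principals may own or modify the path.
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )
    # Rights that let a principal swap out or re-permission a directory.
    $replace = [int][System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Rights that also let a principal plant or alter files inside it.
    $plant = $replace -bor [int][System.Security.AccessControl.FileSystemRights]'Write'

    $dir = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if (-not $dir.PSIsContainer) { throw "$Path is not a directory" }
    $mask = $plant          # strictest mask for the target directory itself
    while ($null -ne $dir) {
        $name = $dir.FullName
        if ($dir.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
            "${name}: reparse point (symbolic link or mount point)"
        }
        $acl = Get-Acl -LiteralPath $name
        $owner = $acl.GetOwner($sidType).Value
        if ($owner -notin $trusted) { "${name}: owner $owner is not trusted" }
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries do not apply to this directory itself.
            if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            $sid = $ace.IdentityReference.Value
            if ($sid -notin $trusted -and ([int]$ace.FileSystemRights -band $mask)) {
                "${name}: $sid holds $($ace.FileSystemRights)"
            }
        }
        $mask = $replace    # ancestors: only rights that allow replacing the child
        $dir = $dir.Parent
    }
}
# Constructed sample call: Test-TrustedDirectory -Path (Join-Path $env:TEMP 'example-staging')
```

A check like this narrows the exposure but leaves a window between the check and the use; staging privileged work in a location that standard users cannot write to avoids the problem class altogether.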

