CVE-2025-26861 HIGH

CVE-2025-26861

Vendor Rsupport Co., Ltd.
Product RemoteCall Remote Support Program (for Operator)
Weakness CWE-427
Published October 15, 2025
Last update October 15, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution.

Key dates

02Disclosure timeline

October 15, 2025 CVE published
October 15, 2025 Record updated