Saved February 14, 2026
Do you care about this?
A serious vulnerability (CVE-2025-34352) in JumpCloud Remote Assist for Windows lets low-privileged users exploit insecure file operations, leading to local privilege escalation or denial of service. Users must upgrade to version 0.317.0 or later to fix the issue, as the flaw could enable attackers to gain full control over affected systems.
If you do, here's more
XM Cyber has identified a serious vulnerability, CVE-2025-34352, in the JumpCloud Remote Assist for Windows agent, specifically in versions earlier than 0.317.0. This flaw allows low-privileged local users to exploit insecure file operations handled by the agent, which runs with NT AUTHORITY\SYSTEM privileges. The vulnerability can lead to Local Privilege Escalation (LPE) or Denial of Service (DoS). Users are urged to upgrade to version 0.317.0 or newer immediately to mitigate the risk.
The core of the problem lies in the JumpCloud agent's uninstaller, which improperly performs file operations in the Windows %TEMP% directory. Attackers can use symbolic links to redirect the uninstaller's actions towards sensitive system files. For instance, they can write arbitrary data to critical system drivers or delete essential files, leading to a complete system crash or to full administrative control. The exploitation process involves techniques like creating mount points and leveraging race conditions to manipulate the uninstaller's operations.
XM Cyber's analysis highlights the dangerous intersection of privileged processes acting on user-controlled paths, a common security pitfall. The research underscores that tools meant to enhance security can become vulnerabilities if not properly managed. Users who rely on JumpCloud must take immediate action to secure their systems against this exploit.
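The pitfall described above, a privileged process writing to a path another user can influence, shown as an added example that is not JumpCloud's or XM Cyber's code. It uses POSIX calls in Python as a stand-in for the Windows agent; the file names and the `naive_write` / `hardened_write` helpers are hypothetical, and the scenario is constructed inside a throwaway temporary directory.

```python
import os
import tempfile

def naive_write(workdir, name, data):
    """The unsafe pattern: open by path, following any link planted there."""
    with open(os.path.join(workdir, name), "wb") as fh:
        fh.write(data)

def hardened_write(workdir, name, data):
    """Write name inside workdir without following links at either level."""
    # Open the directory itself without following a symlink, then pin it by fd
    # so replacing the path afterwards cannot redirect the write.
    dir_fd = os.open(workdir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.fstat(dir_fd)
        # Only trust a directory this process owns and others cannot write to.
        if st.st_uid != os.geteuid() or st.st_mode & 0o022:
            raise PermissionError("work directory is writable by other users")
        # O_EXCL fails on any pre-existing entry; O_NOFOLLOW rejects a symlink.
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o600, dir_fd=dir_fd)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    finally:
        os.close(dir_fd)

def demo():
    """Constructed scenario: 'protected.sys' stands in for a sensitive file."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.sys")
        work = os.path.join(root, "work")
        os.mkdir(work, 0o700)
        for label, writer in (("naive", naive_write), ("hardened", hardened_write)):
            with open(protected, "wb") as fh:
                fh.write(b"ORIGINAL")
            link = os.path.join(work, "uninstall.tmp")
            os.symlink(protected, link)  # entry already present before the write
            try:
                writer(work, "uninstall.tmp", b"agent data")
                outcome = "wrote"
            except OSError as exc:
                outcome = type(exc).__name__
            with open(protected, "rb") as fh:
                results[label] = (outcome, fh.read())
            os.unlink(link)
    return results
```

Calling `demo()` returns, for each writer, whether the write went through and what the stand-in protected file contains afterwards.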