CVE-2025-26860 is a vulnerability classified as an uncontrolled search path element in the RemoteCall Remote Support Program (for Operator) developed by RSUPPORT CO., LTD. This vulnerability affects all versions prior to 5.1.0. The issue arises because the application loads DLLs from its own directory without validating the source or path, allowing an attacker to place a malicious DLL alongside the executable. When the application loads this crafted DLL, it results in arbitrary code execution under the context of the user running the program. The vulnerability requires local access to the system and user interaction to trigger the exploit, but does not require elevated privileges or prior authentication. The CVSS v3.0 base score is 7.8, reflecting high severity due to the potential for full compromise of confidentiality, integrity, and availability. Although no public exploits are currently known, the vulnerability poses a significant risk if an attacker can deliver the malicious DLL to the target environment. The flaw is typical of DLL search order hijacking issues, which can be exploited in environments where users have write access to application directories or where attackers can influence file placement. The vulnerability was reserved in February 2025 and published in October 2025, indicating recent discovery and disclosure. No official patches or mitigation links were provided in the source data, but upgrading to version 5.1.0 or later is implied as the fix.

For European organizations, the impact of CVE-2025-26860 can be substantial, especially for those relying on RemoteCall for remote support and IT operations. Successful exploitation can lead to arbitrary code execution, allowing attackers to compromise system confidentiality by accessing sensitive data, integrity by modifying or injecting malicious code, and availability by disrupting services or deploying ransomware. This is particularly critical for sectors such as finance, healthcare, government, and critical infrastructure where remote support tools are commonly used. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, as attackers may leverage social engineering or insider threats to deliver the malicious DLL. The vulnerability could also be chained with other exploits to escalate privileges or move laterally within networks. Given the high CVSS score and potential for full system compromise, organizations face risks of data breaches, operational disruption, and reputational damage.

To mitigate CVE-2025-26860, European organizations should prioritize upgrading the RemoteCall Remote Support Program to version 5.1.0 or later, where the vulnerability is addressed. Until the upgrade is applied, organizations should restrict write permissions on directories containing the RemoteCall executable to prevent unauthorized DLL placement. Implement application whitelisting and integrity monitoring to detect unauthorized changes in application folders. Educate users and administrators about the risks of executing unknown files or accepting unexpected prompts during remote support sessions. Employ endpoint protection solutions capable of detecting DLL hijacking attempts. Network segmentation and strict access controls can limit local access to systems running the vulnerable software. Regularly audit and monitor logs for suspicious activity related to RemoteCall processes. If possible, disable or limit the use of RemoteCall on systems where it is not essential. Finally, maintain an incident response plan to quickly address any exploitation attempts.