Sandbox Failure Leaves Malware Exposed
CVE-2024-25091

Currently unrated

Key Information:

Vendor: J's Communications Co., Ltd.
Status: Revoworks Scvx; Revoworks Browser
Vendor: CVE Published:; 1 March 2024

🔔 Create J's Communications Co., Ltd. Vulnerability Alert

What is CVE-2024-25091?

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment.

Affected Version(s)

RevoWorks Browser prior to 2.2.95

RevoWorks SCVX prior to scvimage4.10.21_1013

References

https://jscom.jp/news-20240229/

https://jvn.jp/en/jp/JVN35928117/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Feb 5, 2024

CVE-2024-25091 Data

JSON