Unrated severityCISA KEVNVD Advisory· Published May 23, 2024· Updated Oct 21, 2025

Malicious Code in Justice AV Solutions (JAVS) Viewer

CVE-2024-4978

Description

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

Affected products

Justice AV Solutions/Viewerv5
Range: 8.3.7.250

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

twitter.com/2RunJack2/status/1775052981966377148mitre
www.javs.com/downloads/mitre
www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000