BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access

Summary

A critical vulnerability in BeyondTrust remote access tools could lead to code injection


Threat details

Introduction

BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments.

CVE-2025-5309 is an 'improper control of generation of code' vulnerability with a CVSSv4 base score of 8.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code in the context of the server.


Remediation advice

Affected organisations are encouraged to review the BeyondTrust Security Advisory BT25-04 and apply the relevant updates.



Last edited: 19 June 2025 2:51 pm