Vulnerability cyber

BeyondTrust

Jun 17, 2025 1 min read
BeyondTrust

A high-severity remote code execution vulnerability has been identified in BeyondTrust’s Remote Support and Privileged Remote Access platforms. The vulnerability, tracked as CVE-2025-5309, allows attackers to execute arbitrary code on affected systems. The flaw stems from a Server-Side Template Injection (SSTI) issue, which affects the chat feature within both platforms. The CVSSv4 score of 8.6 indicates the vulnerability can be exploited over the network with low complexity and requires no privileges, though user interaction is necessary. The underlying issue occurs because the affected systems fail to properly escape user input intended for the template engine, creating an opportunity for malicious template injection. Organizations running affected versions are at risk of having their systems compromised through the chat functionality.

Source: https://cybersecuritynews.com/beyondtrust-tools-rce-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/beyondtrust

"id": "bey602061725",
"linkid": "beyondtrust",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'BeyondTrust',
                        'type': 'Organization'}],
 'attack_vector': 'Server-Side Template Injection (SSTI)',
 'description': 'A high-severity remote code execution vulnerability has been '
                'identified in BeyondTrust’s Remote Support and Privileged '
                'Remote Access platforms, potentially allowing attackers to '
                'execute arbitrary code on affected systems.',
 'impact': {'systems_affected': ['Remote Support', 'Privileged Remote Access']},
 'initial_access_broker': {'entry_point': 'Public Portal'},
 'post_incident_analysis': {'root_causes': 'Failure to properly escape user '
                                           'input intended for the template '
                                           'engine'},
 'references': [{'source': 'BeyondTrust Security Advisory'}],
 'response': {'containment_measures': ['Enable SAML authentication for the '
                                       'Public Portal',
                                       'Enforce session key usage',
                                       'Disable Representative List and Issue '
                                       'Submission Survey features'],
              'remediation_measures': ['Apply patches HELP-10826-2 for '
                                       'versions 24.2.2 to 24.2.4 and 24.3.1 '
                                       'to 24.3.3',
                                       'Apply patch HELP-10826-1 for version '
                                       '25.1.1',
                                       'Upgrade to version 25.1.2 for '
                                       'Privileged Remote Access']},
 'title': "Remote Code Execution Vulnerability in BeyondTrust's Remote Support "
          'and Privileged Remote Access',
 'type': 'Remote Code Execution',
 'vulnerability_exploited': 'CVE-2025-5309'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.