Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
BeyondTrust Tools RCE Vulnerability Let Attackers Execute Arbitrary Code

BeyondTrust Tools RCE Vulnerability Let Attackers Execute Arbitrary Code

Posted on June 17, 2025June 17, 2025 By CWS

A high-severity distant code execution vulnerability has been recognized in BeyondTrust’s Distant Help and Privileged Distant Entry platforms, probably permitting attackers to execute arbitrary code on affected methods. 

The vulnerability, tracked as CVE-2025-5309, carries a CVSSv4 rating of 8.6 and was responsibly disclosed by safety researcher Jorren Geurts of Resillion. 

Server-Aspect Template Injection 

The vulnerability stems from a Server-Aspect Template Injection (SSTI) flaw categorized beneath CWE-94, which impacts the chat function inside each Distant Help (RS) and Privileged Distant Entry (PRA) parts. 

The CVSSv4 vector AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N signifies that the vulnerability might be exploited over the community with low complexity and requires no privileges, although person interplay is important. 

The underlying concern happens as a result of the affected methods fail to correctly escape person enter meant for the template engine, creating a chance for malicious template injection. 

What makes this vulnerability notably regarding is that exploitation of Distant Help methods doesn’t require authentication, considerably decreasing the barrier for potential attackers. 

The template injection mechanism permits attackers to inject malicious code that will get processed by the server-side template engine, in the end resulting in arbitrary code execution within the context of the weak server.

The vulnerability impacts a number of variations of each Distant Help and Privileged Distant Entry platforms, particularly variations 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1. 

Organizations operating these affected variations are vulnerable to having their methods compromised by the chat performance. 

The excessive CVSS rating displays the extreme potential influence, with the vulnerability enabling attackers to realize excessive confidentiality, integrity, and availability influence on weak methods. 

Threat FactorsDetailsAffected ProductsRemote Help and Privileged Distant Entry platforms variations 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1. ImpactRemote Code Execution (RCE) by way of Server-Aspect Template InjectionExploit PrerequisitesUnauthenticated community entry to Public PortalCVSS 3.1 Score8.6 (Excessive)

Mitigations

BeyondTrust has responded swiftly to deal with this vulnerability, routinely making use of patches to all Distant Help and Privileged Distant Entry cloud prospects as of June 16, 2025. 

On-premise prospects should manually apply the suitable patches except their situations are configured for automated updates by the /equipment interface. 

For Distant Help methods, the patches embody HELP-10826-2 for variations 24.2.2 to 24.2.4 and 24.3.1 to 24.3.3, and HELP-10826-1 for model 25.1.1. 

Privileged Distant Entry customers ought to improve to model 25.1.2 or apply the corresponding HELP-10826 patches for his or her particular variations. 

Organizations unable to right away apply patches can implement non permanent mitigation measures, together with enabling SAML authentication for the Public Portal and implementing session key utilization by making certain Session Keys are enabled whereas disabling the Consultant Record and Subject Submission Survey options. 

These interim controls assist scale back the assault floor whereas organizations plan their patching schedules. Safety groups ought to prioritize these updates given the excessive severity score and the potential for unauthenticated exploitation in Distant Help environments.

Automate risk response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs throughout all endpoints -> Request full entry

Cyber Security News Tags:Arbitrary, Attackers, BeyondTrust, Code, Execute, RCE, Tools, Vulnerability

Post navigation

Previous Post: Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
Next Post: LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

Related Posts

Enhancing SOC Triage Efficiency with ANY.RUN Enhancing SOC Triage Efficiency with ANY.RUN Cyber Security News
Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks Cyber Security News
Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications Cyber Security News
Critical Vulnerability in Paloalto Cortex XDR Broker Critical Vulnerability in Paloalto Cortex XDR Broker Cyber Security News
Hackers Attacking Remote Desktop Protocol Services from 100,000+ IP Addresses Hackers Attacking Remote Desktop Protocol Services from 100,000+ IP Addresses Cyber Security News
Phishing Threat Targets Signal Users for Backup Access Phishing Threat Targets Signal Users for Backup Access Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Dell Patches Critical PowerProtect Flaws Allowing Remote Access
  • Windows Bind Link Exploits Bypass EDR Detection
  • Critical Security Updates Released for Major Software
  • Malicious Game Cheats Give Hackers Remote Access to PCs
  • Cloud & Data Security Summit: Key Insights Today

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Dell Patches Critical PowerProtect Flaws Allowing Remote Access
  • Windows Bind Link Exploits Bypass EDR Detection
  • Critical Security Updates Released for Major Software
  • Malicious Game Cheats Give Hackers Remote Access to PCs
  • Cloud & Data Security Summit: Key Insights Today

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark