PT-2025-25569 · Unknown · Remote Support+1
Jorren Geurts · Published 2025-06-16 · Updated 2025-06-20 · CVE-2025-5309
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BeyondTrust Remote Support and Privileged Remote Access (affected versions not specified)
Description
The chat feature within Remote Support and Privileged Remote Access is vulnerable to Server-Side Template Injection, which allows unauthenticated attackers to execute code remotely. This issue has been exploited by Chinese-backed hackers targeting U.S. agencies. It is estimated that over 1.2 million services are potentially affected.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Code Injection
Affected Products
Privileged Remote Access
Remote Support