Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Remote Code Execution In BeyondTrust Remote Support and Privileged Remote Access, Patch Immediately!
Image
Published : 19/06/2025
- Last update: 19/06/2025
- Affected software:
→ BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) versions 24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1- Type: Server-Side Template Injection leading to Remote Code Execution
- CVE/CVSS
→ CVE-2025-5309: CVSS 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Sources
https://www.beyondtrust.com/trust-center/security-advisories/bt25-04
Risks
BeyondTrust Remote Support (RS) is a software solution that allows IT support teams to access devices, servers, and other systems remotely. Privileged Remote Access (PRA) is a security solution that manages and monitors privileged access to critical infrastructure and systems. Both products provide access to various network parts, making it crucial to secure them effectively.
A server-side template injection vulnerability was published, affecting the chat feature within the BeyondTrust RS and PRA products. Successful exploitation can lead to Remote Code Execution, causing a severe impact on the confidentiality, integrity and availability of the affected system. In the case of BeyondTrust RS, CVE-2025-5309 can be exploited by an unauthenticated attacker.
If the on-premise RS/PRA instances are not subscribed to receive automatic updates, an action is required to apply the appropriate patches to resolve the issue.
Description
CVE-2025-5309 is a server-side template injection vulnerability affecting the chat feature of the BeyondTrust RS and PRA products. The vulnerability can lead to Remote Code Execution in the context of the server due to the improper escaping of input intended for the template engine. In the case of RS, exploitation does not require authentication.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.