A critical Server-Side Template Injection (SSTI) vulnerability (CVE-2025-5309) in BeyondTrust’s Remote Support (RS) and Privileged Remote Access (PRA) solutions enables unauthenticated attackers to execute arbitrary code on affected systems.
Rated 8.6 CVSSv4 (High severity), this flaw impacts on-premise installations running versions 24.2.2–25.1.1, with cloud instances already patched as of June 16, 2025.
The vulnerability stems from improper input sanitization in the chat feature’s template engine.
Attackers can inject malicious payloads like {{7*7}} to test template evaluation or escalate to RCE using crafted expressions such as:
python{{ self.__init__.__globals__.__builtins__.__import__('os').popen('id').read() }}
This allows execution of OS commands via the server’s context, bypassing authentication in RS instances.
The CWE-94 weakness highlights improper control of code generation during template rendering.
| Metric | Rating |
|---|---|
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | None |
| User Interaction (UI) | Active |
| Confidentiality (VC) | High |
| Integrity (VI) | High |
| Availability (VA) | High |
| Base Score | 8.6 |
The CVSSv4 vector AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H reflects widespread exploitability due to network accessibility and low attack barriers.
BeyondTrust released patches (HELP-10826-1/2) for on-premise installations, with fixed versions including:
| Product | Patched Versions |
|---|---|
| Remote Support | 24.2.4+, 24.3.3+, 25.1.1+ |
| Privileged Remote Access | 24.2.4+, 24.3.3+, 25.1.2+ |
For unpatched systems, administrators should:
/appliance interfaces for update complianceSecurity teams are advised to audit template rendering logic in custom applications, referencing PortSwigger’s SSTI detection methodology.
This vulnerability underscores the risks of insufficient input validation in template engines, particularly in privileged access tools.
Organizations using affected BeyondTrust products should prioritize patch deployment and review authentication workflows to prevent exploitation.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
The post BeyondTrust Tools RCE Vulnerability Allows Attackers to Execute Arbitrary Code appeared first on Cyber Security News.
It's been over a week since all of the episodes for season 2 of Netflix's…
Loads of amazing third-party Nintendo Switch 2 games are currently discounted as part of the…
Ten months ago Panasonic announced an investment in its Cardiff and Budapest services and solutions…
Most companies think they’re AI-ready. Unfortunately, they’re not even close. In the latest Enterprise Times…
Alkira has delivered a business update as it closes its latest fiscal year. The announcement…
Nintex, a provider in agentic business orchestration has launched Nintex Agent Designer and Nintex Orchestration.…
This website uses cookies.