Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Remote Support(RS) & Privileged Remote Access(PRA) by BeyondTrust

    CVE-2026-1731 (GCVE-0-2026-1731)

    Vulnerability from nvd – Published: 2026-02-06 21:49 – Updated: 2026-02-26 15:04
    VLAI CISA ENISA KEVIntel
    Title
    Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
    Summary
    BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 0 , ≤ RS 25.3.1 (custom)
    Affected: 0 , ≤ PRA 24.3.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1731",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-14T04:55:25.328322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-02-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:15.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/win3zz/CVE-2026-1731"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
              },
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-13T00:00:00.000Z",
                "value": "CVE-2026-1731 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "RS 25.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "PRA 24.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T21:49:20.844Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article\u0026sysparm_article=KB0023293"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-1731",
        "datePublished": "2026-02-06T21:49:20.844Z",
        "dateReserved": "2026-01-31T23:54:56.922Z",
        "dateUpdated": "2026-02-26T15:04:15.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5309 (GCVE-0-2025-5309)

    Vulnerability from nvd – Published: 2025-06-16 16:06 – Updated: 2026-02-26 17:50
    VLAI
    Title
    Remote Support & Privileged Remote Access server side template injection
    Summary
    The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote support & Privileged Remote Access Affected: 24.2.2 , ≤ 24.2.4 (custom)
    Affected: 24.3.1 , ≤ 24.3.3 (custom)
    Affected: 25.1.1 (custom)
    Create a notification for this product.
    BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 24.2.2 , ≤ 24.2.4 (custom)
    Affected: 24.3.1 , ≤ 24.3.4 (custom)
    Affected: 25.1.1 (custom)
    Create a notification for this product.
    Credits
    Jorren Geurts of Resillion
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-19T03:55:07.428165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:35.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote support \u0026 Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.2.4",
                  "status": "affected",
                  "version": "24.2.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.3.3",
                  "status": "affected",
                  "version": "24.3.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "25.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.2.4",
                  "status": "affected",
                  "version": "24.2.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.3.4",
                  "status": "affected",
                  "version": "24.3.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "25.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jorren Geurts of Resillion"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T23:11:53.479Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Support \u0026 Privileged Remote Access server side template injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-5309",
        "datePublished": "2025-06-16T16:06:14.413Z",
        "dateReserved": "2025-05-28T17:50:50.656Z",
        "dateUpdated": "2026-02-26T17:50:35.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12686 (GCVE-0-2024-12686)

    Vulnerability from nvd – Published: 2024-12-18 20:23 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Title
    Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
    Summary
    A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    BT
    Impacted products
    Date Public
    2024-12-18 19:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12686",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T15:32:45.601180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-01-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:34.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-01-13T00:00:00.000Z",
                "value": "CVE-2024-12686 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-12-18T19:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T20:23:57.909Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12686"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection vulnerability in Remote Support(RS) \u0026 Privilege Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-12686",
        "datePublished": "2024-12-18T20:23:57.909Z",
        "dateReserved": "2024-12-16T18:58:57.921Z",
        "dateUpdated": "2025-10-21T22:55:34.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-1731 (GCVE-0-2026-1731)

    Vulnerability from cvelistv5 – Published: 2026-02-06 21:49 – Updated: 2026-02-26 15:04
    VLAI CISA ENISA KEVIntel
    Title
    Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
    Summary
    BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 0 , ≤ RS 25.3.1 (custom)
    Affected: 0 , ≤ PRA 24.3.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1731",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-14T04:55:25.328322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-02-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:15.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/win3zz/CVE-2026-1731"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
              },
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-13T00:00:00.000Z",
                "value": "CVE-2026-1731 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "RS 25.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "PRA 24.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T21:49:20.844Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article\u0026sysparm_article=KB0023293"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-1731",
        "datePublished": "2026-02-06T21:49:20.844Z",
        "dateReserved": "2026-01-31T23:54:56.922Z",
        "dateUpdated": "2026-02-26T15:04:15.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5309 (GCVE-0-2025-5309)

    Vulnerability from cvelistv5 – Published: 2025-06-16 16:06 – Updated: 2026-02-26 17:50
    VLAI
    Title
    Remote Support & Privileged Remote Access server side template injection
    Summary
    The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote support & Privileged Remote Access Affected: 24.2.2 , ≤ 24.2.4 (custom)
    Affected: 24.3.1 , ≤ 24.3.3 (custom)
    Affected: 25.1.1 (custom)
    Create a notification for this product.
    BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 24.2.2 , ≤ 24.2.4 (custom)
    Affected: 24.3.1 , ≤ 24.3.4 (custom)
    Affected: 25.1.1 (custom)
    Create a notification for this product.
    Credits
    Jorren Geurts of Resillion
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-19T03:55:07.428165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:35.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote support \u0026 Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.2.4",
                  "status": "affected",
                  "version": "24.2.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.3.3",
                  "status": "affected",
                  "version": "24.3.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "25.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.2.4",
                  "status": "affected",
                  "version": "24.2.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.3.4",
                  "status": "affected",
                  "version": "24.3.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "25.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jorren Geurts of Resillion"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T23:11:53.479Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Support \u0026 Privileged Remote Access server side template injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-5309",
        "datePublished": "2025-06-16T16:06:14.413Z",
        "dateReserved": "2025-05-28T17:50:50.656Z",
        "dateUpdated": "2026-02-26T17:50:35.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12686 (GCVE-0-2024-12686)

    Vulnerability from cvelistv5 – Published: 2024-12-18 20:23 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Title
    Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
    Summary
    A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    BT
    Impacted products
    Date Public
    2024-12-18 19:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12686",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T15:32:45.601180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-01-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:34.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-01-13T00:00:00.000Z",
                "value": "CVE-2024-12686 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-12-18T19:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T20:23:57.909Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12686"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection vulnerability in Remote Support(RS) \u0026 Privilege Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-12686",
        "datePublished": "2024-12-18T20:23:57.909Z",
        "dateReserved": "2024-12-16T18:58:57.921Z",
        "dateUpdated": "2025-10-21T22:55:34.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }