CVE-2024-12356

Recent reporting by Help Net Security highlights a critical escalation in cyber conflict dynamics as attackers exploit a newly patched remote code execution vulnerability in BeyondTrust software. The flaw, CVE-2026-1731, shares technical similarities with CVE-2024-12356—a

🚨 A critical pre-auth RCE has been disclosed in BeyondTrust Remote Support and PRA (CVE-2026-1731, CVSS 9.9) Our intel suggests this is another websocket vuln, similar to CVE-2024-12356 🍯We have added a BeyondTrust RS honeypot stream for Defused TF 👉 https://t.co/GXFaq

🔒【注意喚起】PostgreSQLとBeyondTrustのゼロデイ脆弱性が連携して悪用され、リモートコード実行が可能となる攻撃が確認されています。  •CVE-2025-1094（PostgreSQL）: SQLインジェクションによる任意のシェルコマ

PostgreSQLのSQLインジェクション脆弱性（CVE-2025-1094）が9年以上隠れ、アメリカ財務省侵入に悪用された事例が明らかに。psqlのUTF-8処理不備が原因で、ゼロデイ（CVE-2024-12356）と連携し攻撃成功。2025年2月修正済みだが、高度な技術が必要なため広範な悪用は限定的か。

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Actively exploited CVE : CVE-2024-12356

Vulnerabilidad zero-day en PostgreSQL (CVE-2025-1094) permite inyecciones SQL, explotada junto a fallo en BeyondTrust (CVE-2024-12356) afectando al Departamento del Tesoro de EE. UU. Se recomienda actualizar a versiones 17.3, 16.7, 15.11, 14.16 y 13.19. https://t.co/qIr3RGmOec

CVE-2025-1094 is a critical SQL injection vulnerability discovered by Rapid7 during the CVE-2024-12356 investigation. It allows attackers to execute arbitrary code via PostgreSQL's interactive tool due to improperly escaped input, with a Metasploit exploit module available.

POC Released for CVE-2024-12356 https://t.co/mli4pc9tkf

PostgreSQL flaw exploited as zero-day in BeyondTrust breach CVE-2024-12356 CVE-2024-12686 #Hacking #infosec #CyberSecurity https://t.co/x6cMARhrUk

🚨 New PostgreSQL and BeyondTrust Vulnerabilities Exploited in Targeted Attacks 🚨 Recent investigations have uncovered that the same threat actors who exploited the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) zero-day (CVE-2024-12356). https://t.co/9l7wS7

CVE-2024-12356: A newly identified vulnerability with security implications. Rapid7 analysis: https://t.co/zcqFibDEBx #CyberSecurity #Vulnerability

BeyondTrust revealed that attackers breached its systems and 17 Remote Support SaaS instances in early December using two zero-day bugs (CVE-2024-12356 and CVE-2024-12686) and a stolen API key. https://t.co/DEz5kN12Ff

🚨 A significant breach at BeyondTrust exploited critical PostgreSQL vulnerabilities (CVE-2024-12356, CVE-2025-1094), compromising U.S. Treasury systems. Linked to Chinese state-backed hackers. ⚠️ #China #BeyondTrust #APIvulnerability link: https://t.co/qOW8jUtxDn https://t.co/A

Critical vulnerability CVE-2024-12356 affects BeyondTrust products, linked to an attack on the U.S. Treasury by state-sponsored Chinese actors. A PostgreSQL zero-day also discovered. 🚨 #UStreasury #ZeroDay #RemoteAccess link: https://t.co/Cf9V91VTbx https://t.co/hWHdoq8x9w

BeyondTrust reveló que por una falla de seguridad de PostgreSQL hackearon sus sistemas y 17 instancias de SaaS de soporte remoto a principios de diciembre utilizando dos errores de día cero (CVE-2024-12356 y CVE-2024-12686) y una clave API robada. 🧉 https://t.co/ggO4tCAQfc

🚨 Analysis of #PostgreSQL Zero-Day Vulnerability #CVE-2025-1094 and Its Connection to BeyondTrust #CVE-2024-12356 https://t.co/AWS4Gdm0lT

Our @metasploit exploit module for unauthenticated RCE against BeyondTrust Privileged Remote Access & Remote Support is now available. The exploit can either leverage CVE-2024-12356 and CVE-2025-1094 together, or solely leverage CVE-2025-1094 for RCE: https://t.co/iXW6RsSsDe

Today @rapid7 has disclosed CVE-2025-1094, a new PostgreSQL SQLi vuln we discovered while researching CVE-2024-12356 in BeyondTrust Remote Support. Untrusted inputs that have been safely character escaped could still generate SQLi under certain conditions: https://t.co/pfCTejv5oO

New Rapid7 vuln disclosure c/o @stephenfewer: CVE-2025-1094 is a SQL injection flaw in PostgreSQL's psql interactive tool that was discovered while analyzing BeyondTrust RS CVE-2024-12356. The bug is interesting — 🧵on its relation to BeyondTrust https://t.co/h4nuEGSGw5

🟡Thousands of BeyondTrust Systems at Risk 8,600+ BeyondTrust instances remain exposed to a critical flaw (CVE-2024-12356, CVSS 9.8) exploited by Chinese APT group Silk Typhoon. Key sectors affected: Government, Defense, Education, Research. ⚠️ Patch now or isolate vulnerable…

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The vulnerability, tracked as CVE-2024-12356, is a command injection flaw that could be exploited by a malicious actor to run arbitrary commands as the site user. Read More: https://t.co/eyHPmM0fBF

csirt_it: ‼️ #BeyondTrust: rilevato lo sfruttamento attivo in rete delle CVE-2024-12686 e CVE-2024-12356, relative a #RemoteSupport e #PrivilegedRemoteAccess Rischio: 🔴 Tipologia: 🔸 Remote Code Execution 🔗 https://t.co/dFhjeYWZCJ ⚠ Importante agg… https://t.co/WW6zMr5nl7

🚨 CISA Orders Agencies to Patch BeyondTrust Vulnerabilities 🚨 Two critical flaws in BeyondTrust's Privileged Remote Access and Remote Support software (CVE-2024-12686 & CVE-2024-12356) are being actively exploited by attackers, including Chinese state-backed group Silk… ht

CISA flags BeyondTrust vulnerabilities CVE-2024-12686 and CVE-2024-12356 as exploited by Silk Typhoon in a breach affecting the U.S. Treasury. Ensuring network security is crucial! 🔒🇺🇸 #SilkTyphoon #APIsecurity #USTreasury #CybersecurityNews link: https://t.co/jkWGxzGcoV http

米国の財務省で発生したデータ侵害：中国 APT が BeyondTrust 経由で侵入？ https://t.co/6tWBzXLQDb この、米財務省で発生したデータ侵害の前兆として、BeyondTrust の脆弱性 CVE-2024-12356 の悪用が、数多くのメディアから報道されていました。 いまのことろ、財務省と BeyondTrust… https://t.co/ikkE2edL5y

🚨 Heads up, cybersecurity pros: 8,600+ BeyondTrust instances are exposed online. Are your systems patched against CVE-2024-12356 & CVE-2024-12686? Manual checks recommended. Stay secure! #CyberSecurity #PatchNow https://t.co/SVlM1TSzyu

May the forth never be with you #gforce g0vid #treasurydepartment $napsho_t 1819 1.1T iwant from @meta just figure it out The #BeyondTrust bug, tracked under CVE-2024-12356

Suggested timely Security Copilot prompt: Tell me about CVE-2024-12356 and CVE-2024-12686 that was involved in a recent United States Treasury Department hack by China. Identify if these impact my own environment and give me the CVSS scores that I can include in a report to my… h

Chinese hackers exploit critical BeyondTrust vulnerability (CVE-2024-12356) targeting exposed systems despite recent US Treasury breach. More details here: https://t.co/t2NGnOAaxY #BeyondTrust #China #USTreasuryBreach

CVE-2024-12356 is getting exploited #inthewild. Find out more at https://t.co/3uT3uYC4yM CVE-2021-44207 is getting exploited #inthewild. Find out more at https://t.co/rBRpk3iXZi CVE-2024-3393 is getting exploited #inthewild. Find out more at https://t.co/E9g2BcF5E3

🚨 Over 8,600 BeyondTrust systems remain exposed online, with 72% in the US! A critical vulnerability (CVE-2024-12356) is being exploited by Chinese state-sponsored hackers. CVSS 9.8 🔒 #BeyondTrust #CyberThreats #USA #CybersecurityNews link: https://t.co/Mwmcim89Yy https://t.co

Threat Alert: Chinese hackers breach US treasury- third-party alert triggers cybersecurity pro CVE-2024-12356 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/f4o28axtcx #CyberSecurity #ThreatIntel #InfoSec (1/3)

💡 January 2 Advisory: Actively Exploited Vulnerability in #BeyondTrust Products [CVE-2024-12356] https://t.co/zQVudHVEDA via @censysio #infosec #cybersecurity

🚨 U.S. Treasury hacked! Suspected Chinese hackers exploited a stolen API key via BeyondTrust, accessing computers & unclassified docs. Critical flaws (CVE-2024-12356) actively exploited. Treasury works with CISA & FBI. Secure your third-party tools! #DataBreach #APT

🔴 BeyondTrust Remote Support and Privileged Remote Access (PRA) Critical Vulnerability (#CVE-2024-12356) https://t.co/Mbx7HwoMdy

🚨 Critical Alert: CVE-2024-12356 Command Injection Vulnerability in BeyondTrust RS & PRA 🚨 WIRE TOR - The Ethical Hacking Services A critical command injection vulnerability (CVE-2024-12356) has been identified in BeyondTrust Remote Support (RS) and Privileged Remote. #hac

Top 5 Trending CVEs: 1 - CVE-2024-12856 2 - CVE-2024-9047 3 - CVE-2024-3393 4 - CVE-2024-49112 5 - CVE-2024-12356 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

🚨Alert🚨CVE-2024-12356 : Critical Severity Command Injection Vulnerability in BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA) 🔥EXP : https://t.co/FNxvyXFucp 📊 30k+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/TAXXM2IjOa

CVE-2024-12356, is a critical severity command injection vulnerability. If successfully exploited it can allow an unauthenticated remote threat actor to execute underlying operating system commands within the context of the site user. https://t.co/y2D7CSRGVT