CVE-2025-0217

Published May 5, 2025

Last updated 4 months ago

CVSS high 7.3
Beyondtrust

Overview

Description
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
Source
13061848-ea10-403d-bd75-c83a022c2891
NVD status
Modified
Products
privileged_remote_access

Risk scores

CVSS 4.0

Type
Secondary
Base score
7.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

13061848-ea10-403d-bd75-c83a022c2891
CWE-287

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-0217 🔴 HIGH (7.3) 🏢 BeyondTrust - Privileged Remote Access 🏗️ 0 🔗 https://t.co/gCZxdueyyw #CyberCron #VulnAlert #InfoSec https://t.co/wXFVC0LZmG

    @cybercronai

    7 May 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. https://t.co/vFNkdQwQY7 BeyondTrust PRA connection takeover - CVE-2025-0217

    @CALIVEDATA

    6 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass CVE-2025-0217 flaw in BeyondTrust PRA allows session hijacking via local auth bypass. Upgrade to version 25.1+ to prevent exploitation. https://t.co/AAkAYj37L7

    @the_yellow_fall

    5 May 2025

    292 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. CVE-2025-0217 BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connectio… https://t.co/MOxnjN5jNp

    @CVEnew

    5 May 2025

    253 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection VulnerabilityCVE-2026-1731
  2. Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.CVE-2025-6250
  3. Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.CVE-2025-2297
  4. The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.CVE-2025-5309
  5. BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection VulnerabilityCVE-2024-12686

References

Sources include official advisories and independent security research.