- Description: The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
- Source: 13061848-ea10-403d-bd75-c83a022c2891
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 8.6
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
- 13061848-ea10-403d-bd75-c83a022c2891
- CWE-94
- Hype score: Not currently trending
CVE-2025-5309 - Beyond Trust Product: Remote Support attack technique: template injection (server-side)
@ghostbugste
19 Jun 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-5309: Server-Side Template Injection in Remote Support and Privileged Remote Access Chat Feature 🧐 Credit by Jorren Geurts: https://t.co/91kykN4Tv3 📊 1.2M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗 Hunter Link: https://t.co/AIULqzBHna
@HunterMapping
19 Jun 2025
3705 Impressions
21 Retweets
67 Likes
21 Bookmarks
2 Replies
1 Quote
BeyondTrust warns of pre-auth RCE in Remote Support software BeyondTrust has patched a high-severity vulnerability (CVE-2025-5309) in its Remote Support (RS) and Privileged Remote Access (PRA) tools that could allow unauthenticated remote code execution via a server-side https:/
@dCypherIO
18 Jun 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BeyondTrust warns of a critical pre-auth RCE vulnerability (CVE-2025-5309) in Remote Support and Privileged Remote Access software, exploited by Chinese-backed hackers targeting U.S. agencies. Patches released by June 2025. ⚠️ #CyberRisk #China https://t.co/HsIyrfOHIX
@TweetThreatNews
18 Jun 2025
113 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical alert: BeyondTrust Remote Support has a pre-auth RCE flaw (CVE-2025-5309) allowing attackers to take over systems. Cloud instances are patched, but on-prem users must update now. Already exploited in ransomware attacks. Patch ASAP! https://t.co/sw4oID6mCW
@RedTeamNewsBlog
18 Jun 2025
129 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
BeyondTrust's platforms are under fire—a new flaw (CVE-2025-5309) lets attackers run code remotely without any credentials. Are your systems patched up? Discover what you need to know. https://t.co/6rrCKedxnh
@DefendOpsHQ
18 Jun 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Veeam and BeyondTrust have patched critical vulnerabilities allowing remote code execution, including CVE-2025-5309 in BeyondTrust's chat feature and CVE-2025-23121 in Veeam. Stay updated to stay protected. 🛡️ #SecurityAlert #VeeamUK #TechFixes https://t.co/XDfCoaXbFM
@TweetThreatNews
18 Jun 2025
32 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ RCE Alert: CVE-2025-5309 impacts BeyondTrust RS & PRA. Unauth SSTI exploit allows code execution on vulnerable servers. 🔧 Patches available; on-prem users must act now. 🔗 https://t.co/6chSfivabX #Infosec #RCE #CVE2025 https://t.co/K7LSZi11YD
@threatsbank
17 Jun 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5309 Server-Side Template Injection in Remote Support and Privileged Remote Access Chat Feature https://t.co/bVnB3dEBSP
@VulmonFeeds
16 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5309 The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote … https://t.co/AdwNoO6VLW
@CVEnew
16 Jun 2025
427 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-5309: HIGH] The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution. #cve, CVE-2025-5309, #cybersecurity https://t.co/tVwZ2S9ajr https://t.co/kqpg
@CveFindCom
16 Jun 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes