- Description: The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
- Source: 13061848-ea10-403d-bd75-c83a022c2891
- NVD status: Analyzed
- Products: privileged_remote_access, remote_support
CVSS 4.0
- Type: Secondary
- Base score: 8.6
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 13061848-ea10-403d-bd75-c83a022c2891
- CWE-94
CVE-2025-5309 - Beyond Trust Product: Remote Support attack technique: template injection (server-side)
@ghostbugste
19 Jun 2025
🚨Alert🚨 CVE-2025-5309: Server-Side Template Injection in Remote Support and Privileged Remote Access Chat Feature 🧐 Credit by Jorren Geurts: https://t.co/91kykN4Tv3 📊 1.2M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗 Hunter Link: https://t.co/AIULqzBHna
@HunterMapping
19 Jun 2025
BeyondTrust warns of pre-auth RCE in Remote Support software BeyondTrust has patched a high-severity vulnerability (CVE-2025-5309) in its Remote Support (RS) and Privileged Remote Access (PRA) tools that could allow unauthenticated remote code execution via a server-side https:/
@dCypherIO
18 Jun 2025
BeyondTrust warns of a critical pre-auth RCE vulnerability (CVE-2025-5309) in Remote Support and Privileged Remote Access software, exploited by Chinese-backed hackers targeting U.S. agencies. Patches released by June 2025. ⚠️ #CyberRisk #China https://t.co/HsIyrfOHIX
@TweetThreatNews
18 Jun 2025
Critical alert: BeyondTrust Remote Support has a pre-auth RCE flaw (CVE-2025-5309) allowing attackers to take over systems. Cloud instances are patched, but on-prem users must update now. Already exploited in ransomware attacks. Patch ASAP! https://t.co/sw4oID6mCW
@RedTeamNewsBlog
18 Jun 2025
BeyondTrust's platforms are under fire—a new flaw (CVE-2025-5309) lets attackers run code remotely without any credentials. Are your systems patched up? Discover what you need to know. https://t.co/6rrCKedxnh
@DefendOpsHQ
18 Jun 2025
Veeam and BeyondTrust have patched critical vulnerabilities allowing remote code execution, including CVE-2025-5309 in BeyondTrust's chat feature and CVE-2025-23121 in Veeam. Stay updated to stay protected. 🛡️ #SecurityAlert #VeeamUK #TechFixes https://t.co/XDfCoaXbFM
@TweetThreatNews
18 Jun 2025
⚠️ RCE Alert: CVE-2025-5309 impacts BeyondTrust RS & PRA. Unauth SSTI exploit allows code execution on vulnerable servers. 🔧 Patches available on-prem users must act now. 🔗https://t.co/6chSfivabX #Infosec #RCE #CVE2025 https://t.co/K7LSZi11YD
@threatsbank
17 Jun 2025
CVE-2025-5309 Server-Side Template Injection in Remote Support and Privileged Remote Access Chat Feature https://t.co/bVnB3dEBSP
@VulmonFeeds
16 Jun 2025
CVE-2025-5309 The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote … https://t.co/AdwNoO6VLW
@CVEnew
16 Jun 2025
[CVE-2025-5309: HIGH] The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution. #cve, CVE-2025-5309, #cybersecurity https://t.co/tVwZ2S9ajr https://t.co/kqpg
@CveFindCom
16 Jun 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "93A2A829-D37A-4D9C-962E-2DC54EC8108F",
            "versionEndIncluding": "24.2.4",
            "versionStartIncluding": "24.2.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C5E8BE83-646E-4074-B937-EBAB6BCAB252",
            "versionEndExcluding": "24.3.4",
            "versionStartIncluding": "24.3.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:25.1.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "3D52C25B-C41A-4E9D-B8CD-D8C1F05731C3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "19D65867-DEFA-446D-ABD9-20D8917C955E",
            "versionEndIncluding": "24.2.4",
            "versionStartIncluding": "24.2.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "858F1894-D485-4F25-B728-B06BCEB81D09",
            "versionEndExcluding": "24.3.4",
            "versionStartIncluding": "24.3.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:beyondtrust:remote_support:25.1.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "8ED4A1D8-D719-46E5-AF0D-15EA7D6D8AA1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]