BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access


BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems.

Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a CVSSv4 base score of 8.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code in the context of the server.

Read more…
Source: NHS Digital


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • CISA Releases Two Industrial Control Systems Advisories

    June 20, 2023

    CISA released two Industrial Control Systems (ICS) advisories on June 20, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-171-01 Enphase Envoy Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • Whitehall wide open to cyber-attack, warn campaigners

    June 18, 2023

    Government departments responsible for running health and social care, and for collecting taxes, are using outdated software that leaves them wide open to cyber-attacks, according to a disturbing new investigation. The use of “legacy” servers and databases has been uncovered through freedom of information (FoI) requests from the low-tax pressure group the TaxPayers’ Alliance. It has ...

  • Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

    June 15, 2023

    Starting as early as October 10, 2022, UNC4841 sent emails to victim organizations that contained malicious file attachments designed to exploit CVE-2023-2868 to gain initial access to vulnerable Barracuda ESG appliances. Over the course of their campaign, UNC4841 has primarily relied upon three principal code families to establish and maintain a presence on an ESG appliance, ...

  • Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability – CVE-2023-35708

    June 15, 2023

    Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment. In Progress MOVEit Transfer versions released before ...

  • CISA Releases Fourteen Industrial Control Systems Advisories

    June 15, 2023

    CISA released fourteen Industrial Control Systems (ICS) advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA ICSA-23-166-03 Siemens SICAM Q200 Devices Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • US government agencies hit in global cyberattack

    June 15, 2023

    “Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on ...