BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems.
Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a CVSSv4 base score of 8.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code in the context of the server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
March 7, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-28810 Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability CVE-2022-33891 Apache Spark Command Injection Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- CISA Releases Five Industrial Control Systems Advisories
March 2, 2023
CISA released five Industrial Control Systems (ICS) advisories on March 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-061-01 Mitsubishi Electric MELSEC Series ICSA-23-061-02 Baicells Nova Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related ...
- Open source software has its perks, but supply chain risks can’t be ignored
February 22, 2023
Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates. In a report last year, silicon design automation outfit Synopsys found that 97 percent of codebases in 2021 contained open source, and that in four ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
February 21, 2023
ISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 Mitel MiVoice Connect Code Injection Vulnerability CVE-2022-40765 Mitel MiVoice Connect Command Injection Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Two Industrial Control Systems Advisories
- Cisco’s ClamAV has a heckuva flaw
February 17, 2023
“A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code,” states Cisco’s security advisory, which identifies the issue as CVE-2023-20032. “This vulnerability is due to a missing buffer size check that may result in a ...
- CISA Releases Fifteen Industrial Control Systems Advisories
February 16, 2023
CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-047-01 Siemens Solid Edge ICSA-23-047-02 Siemens SCALANCE X-200 IRT ICSA-23-047-03 Siemens Brownfield Connectivity Client ICSA-23-047-04 Siemens ...

