BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems.
Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a CVSSv4 base score of 8.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code in the context of the server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- CISA Issues Apache Log4j Vulnerability Guidance
December 14, 2021
CISA and its partners, through the Joint Cyber Defense Collaborative, are responding to active, widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as “Log4Shell” and “Logjam.” Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as ...
- Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability
December 14, 2021
The number of attacks aiming to take advantage of the recently disclosed security flaw in the Log4j2 Java logging library continues to grow. The vulnerability (CVE-2021-44228) was publicly disclosed on December 9 and enables remote code execution and access to servers. What makes it such a major issue is Log4j is widely used in commonly deployed ...
- Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
December 14, 2021
Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot and more in the form of fake applications. The patch came as part of the computing giant’s December Patch Tuesday update, which included a total of 67 fixes for security vulnerabilities. The patches cover the waterfront of Microsoft’s portfolio, affecting ...
- Bugs in billions of WiFi, Bluetooth chips allow password, data theft
December 13, 2021
Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it’s possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component. Modern consumer electronic devices such as smartphones feature SoCs with separate Bluetooth, WiFi, and LTE components, each with ...
- CERT NZ Alert: Log4j RCE 0-day actively exploited
December 10, 2021
The ubiquitous java logging library, log4j, has an unauthenticated RCE vulnerability if a user-controlled string is logged. This could allow the attacker full control of the affected server. Reports from online users show that this is being actively exploited in the wild and that proof-of-concept code has been published. This includes many applications and services written in ...
- Hundreds of thousands of MikroTik devices still vulnerable to botnets
December 9, 2021
Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. MikroTik is a Latvian manufacturer of routers and wireless ISPs who has sold over 2,000,000 devices globally. In August, the Mēris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS ...

