BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems.
Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a CVSSv4 base score of 8.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code in the context of the server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Android: New StrandHogg vulnerability is being exploited in the wild
December 2, 2019
Security researchers from Promon, a Norwegian firm specialized in in-app security protections, said they identified a bug in the Android operating system that lets malicious apps hijack legitimate app, and perform malicious operations on their behalf. In a comprehensive report published today, the research team said the vulnerability can be used to trick users into granting intrusive permissions ...
- Exploit code published for dangerous Apache Solr remote code execution flaw
November 25, 2019
Confusion still surrounds a security bug that the Apache Solr team patched over the summer, which turns out it’s actually much more dangerous than anyone thought. Apache Solr is a Java-based open-source search engine, initially developed to add search functionality to the CNET website. The project was donated to the Apache Software Foundation in 2006, from where ...
- Critical Flaws in VNC Threaten Industrial Environments
November 22, 2019
The open-source Virtual Network Computing (VNC) project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution (RCE). According to researchers at Kaspersky, they potentially affect 600,000 web-accessible servers in systems that use the code. The ...
- High-Severity Windows UAC Flaw Enables Privilege Escalation
November 20, 2019
Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC), a security feature of Windows within Secure Desktop which helps prevent unauthorized changes to the operating system. “With UAC fully ...
- New Roboto botnet emerges targeting Linux servers running Webmin
November 20, 2019
A cybercrime group is enslaving Linux servers running vulnerable Webmin apps into a new botnet that security researchers are currently tracking under the name of Roboto. The botnet’s appearance dates back to this summer and is linked to the disclosure of a major security flaw in a web app installed on more than 215,000 servers — ...
- Thousands of businesses vulnerable to ‘severe’ Oracle EBS flaws
November 20, 2019
Security researchers at Onapsis have discovered a number of ‘severe’ vulnerabilities in Oracle’s E-Business Suite (EBS) that could leave more than 21,000 organisations at risk of financial theft and fraud. Oracle EBS has become a critical set of products that help to integrate customer relationship management (CRM), enterprise resource planning (ERP) and supply chain management processes within a ...

