BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems.
Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a CVSSv4 base score of 8.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code in the context of the server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices
November 15, 2017
Remember BlueBorne? A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo. As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and ...
- 17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction
November 14, 2017
You should be extra careful when opening files in MS Office. When the world is still dealing with the threat of ‘unpatched’ Microsoft Office’s built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers. The vulnerability is a memory-corruption issue that resides in all ...
- Apple iPhone X’s Face ID Hacked (Unlocked) Using 3D-Printed Mask
November 13, 2017
Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple’s Face ID facial recognition technology with a mask that costs less than $150. Yes, Apple’s “ultra-secure” Face ID security for the iPhone X is not as secure as the company claimed during ...
- Experts working with Homeland Security hacked into Boeing 757
November 10, 2017
There’s some unsettling news about one of America’s most widely-used jetliners. In a test, experts working with Homeland Security hacked into a Boeing 757. The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey. Speaking at a conference this week, Robert Hickey of ...
- Intel’s management engine – in most CPUs since 2008 – can be p0wned over USB
November 9, 2017
Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works. The firm has already promised to demonstrate God-mode hack in December 2017, saying the bug “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”. For ...
- Evil pixels: researcher demos data-theft over screen-share protocols
November 9, 2017
It’s the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. The idea comes from Pen Test Partners’ Alan Monie, taking a break from sex toy hacks and wondering how to get data over a connection like RDP (remote desktop protocol) when the target had blocked file transfer ...

