BeyondTrust has released a security advisory to address a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems.
Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2025-5309 is an ‘improper control of generation of code’ vulnerability with a CVSSv4 base score of 8.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code in the context of the server.
Read more…
Source: NHS Digital
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Bluetooth security flaws could affect thousands of Mercedes, Volkswagen, Skoda cars
July 11, 2025
Security researchers have discovered four vulnerabilities in the BlueSDK Bluetooth stack which could be chained together for remote code execution (RCE) attacks. This stack is used by multiple vendors across different industries – including car manufacturing giants Mercedes, Volkswagen, and Skoda (and possibly others). In theory, a threat actor could abuse these flaws to connect to ...
- CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw
July 11, 2025
U.S. cybersecurity agency CISA says hackers are actively exploiting a critical-rated security flaw in a widely used Citrix product, and has given other federal government departments just one day to patch their systems. Security researchers have dubbed the bug “Citrix Bleed 2” for its similarity to a 2023 security flaw in Citrix NetScaler, a networking product ...
- NFC fraud threatens Philippines digital payments security
July 8, 2025
As contactless payments and digital wallets grow quickly in the Philippines, cyber-criminals are now targeting the country by abusing Near Field Communication (NFC) technologies. Resecurity, a global leader in cyber threat intelligence, issued a stark warning, urging Philippine regulators and financial institutions to heighten their defenses amid an alarming increase in NFC-enabled fraud, particularly from ...
- Several major Linux distros hit by serious Sudo security flaws
July 7, 2025
Two vulnerabilities were recently spotted in various Linux distributions which, when chained together, allow local attackers to escalate their privileges and thus run arbitrary files. The vulnerabilities are tracked as CVE-2025-32462 (severity score 2.8/10 – low severity), and CVE-2025-32463 (severity score 9.3/10 critical), and were found in the Sudo command-line utility for Linux and other Unix-like ...
- Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack
July 3, 2025
In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat. This is a widely used platform that allows Apache web servers to run Java-based web applications. The flaw allows remote code execution, affecting Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2. The same month, Apache revealed two additional vulnerabilities in ...
- Google Releases Security Updates for Chrome
July 1, 2025
Google has released updates to Chrome stable channels to address a high severity vulnerability. CVE-2025-6554 is a “type confusion” vulnerability in the V8 JavaScript browser engine. An attacker could exploit this vulnerability to perform arbitrary read/write by convincing a user to visit a malicious HTML page. Google is aware that an exploit for CVE-2025-6554 exists in ...

