BeyondTrust - Secure Remote Access and Privileged Access Management

BeyondTrust Advisories

This page contains information on security vulnerabilities that may impact BeyondTrust solutions.

Data and product security are extremely important to us here at BeyondTrust. If you are a security researcher and you believe you have discovered a security vulnerability in one of our products or services, please follow responsible disclosure guidelines to bring it to our attention so we can address it as quickly as possible.

Disclosure guidelines can be found here.

| ID | Severity | CVSS Score | Description | Public Date |
|---|---|---|---|---|
| BT26-02 | Critical | 9.9 | Remote code execution in Remote Support (RS) and Privileged Remote Access (PRA) (CVE-2026-1731) | 2026-02-06 |
| BT26-01 | Medium | 6.8 | Privilege Management for Windows – Anti-Tamper Bypass (CVE-2026-1232) | 2026-02-02 |
| BT25-06 | High | 7.1 | Privilege Management for Windows – Anti-Tamper Bypass (CVE-2025-6250) | 2025-07-28 |
| BT25-05 | High | 7.2 | Privilege Management for Windows - Elevation of Privilege (CVE-2025-2297) | 2025-07-28 |
| BT25-04 | High | 8.6 | Remote Support & Privileged Remote Access - RCE Via Server-Side Template Injection (CVE-2025-5309) | 2025-06-16 |
| BT25-03 | High | 7.3 | Privileged Remote Access – Authentication Bypass (CVE-2025-0217) | 2025-05-05 |
| BT25-01 | High | 7.2 | Privilege Management for Windows – Elevation of Privilege (CVE-2025-0889) | 2025-02-25 |
| BT24-11 | Medium | 6.6 | Remote Support (RS) & Privileged Remote Access (PRA) - Command Injection Vulnerability (CVE-2024-12686) | 2024-12-18 |
| BT24-10 | Critical | 9.8 | Remote Support (RS) & Privileged Remote Access (PRA) - Command Injection Vulnerability (CVE-2024-12356) | 2024-12-16 |
| BT24-09 | Medium | 6.4 | BeyondTrust Privileged Identity - Reflected Cross-Site Scripting (CVE-2024-9110) | 2024-10-22 |
| BT24-08 | Medium | 5.9 | BeyondInsight Password Safe – SSH Access (CVE-2024-5813) | 2024-06-11 |
| BT24-07 | Low | 3.3 | BeyondInsight Password Safe – Smart Rule Vulnerability (CVE-2024-5812) | 2024-06-11 |
| BT24-06 | Medium | 4.3 | BeyondInsight – Information Disclosure (CVE-2024-4220) | 2024-05-23 |
| BT24-05 | Medium | 4.8 | BeyondInsight – SSRF (CVE-2024-4219) | 2024-05-23 |
| BT24-04 | High | 8.8 | U-Series Appliance – DLL Hijacking (CVE-2024-4017) | 2024-04-23 |
| BT24-03 | High | 8.8 | U-Series Appliance – Privilege Escalation via Local Appliance API (CVE-2024-4018) | 2024-04-23 |
| BT24-02 | Low | 3.3 | Privilege Management for Windows – GPO Policy Information Leak (CVE-2024-1591) | 2024-02-14 |
| BT24-01 | Medium | 6.3 | Local authenticated attacker with privileges to initiate a repair on Privilege Management for Windows could hijack the elevated process to execute arbitrary programs with elevated privileges (CVE-2024-25083) | 2024-02-14 |
| BT23-08 | Medium | 6.7 | Unprotected administrative access to Challenge-Response shared key can lead to Privilege Escalation (CVE-2023-49944) | 2023-12-08 |
| BT23-05 | Critical | 9.8 | Command injection vulnerability which can be exploited through a malicious HTTP request (CVE-2023-4310) | 2023-07-28 |
| BT22-06 | Medium | 6.8 | Elevation of Privilege in Privilege Management for Mac (PMfM) Installer (CVE-2021-3187) | 2021-02-01 |
| BT22-07 | Medium | 6.8 | Elevation of Privilege in Privilege Management for Windows (PMfW) Installer (CVE-2020-12615) | 2020-08-01 |
| BT22-08 | Medium | 5.5 | DLL Hijacking in Privilege Management for Windows (PMfW) Installer (CVE-2020-28369) | 2020-08-01 |
| BT22-09 | Medium | 6.5 | OS Environment Variable Querying in Privilege Management for Windows (PMfW) (CVE-2020-12612) | 2020-08-01 |
| BT22-10 | High | 7.1 | Publisher Matching Criteria Bypass in Privilege Management for Windows (PMfW) (CVE-2020-12614) | 2020-08-01 |
| BT22-11 | Medium | 6.2 | Second user elevation of Privilege in Privilege Management for Windows (PMfW) (CVE-2020-12613) | 2020-08-01 |