BeyondTrust - Secure Remote Access and Privileged Access Management

Advisory ID: BT25-04

  • CVSSv4 Score: 8.6

  • CVSSv4 Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

  • Severity: High

  • Issue Date: 2025-06-16

  • Updated On: 2025-06-16

  • CVE(s): CVE-2025-5309

  • CWE: CWE-94

  • Synopsis: RCE Via Server-Side Template Injection

  • Impacted Products: Remote Support and Privileged Remote Access

Summary

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) contains a Server-Side Template Injection (SSTI) vulnerability that can lead to remote code execution.

Details

Remote Support and Privileged Remote Access components do not properly escape input passed to the template engine, resulting in a template injection vulnerability. This flaw may allow an attacker to execute arbitrary code in the context of the server. Notably, in the case of Remote Support, exploitation does not require authentication.
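The product's code is not public, so the following added example (not BeyondTrust's code) models the bug class described above with a constructed, minimal {{ name }} substitution engine: chat text spliced into the template source, beside two fixes (pass the message as data, or escape the engine's delimiters) and a regression check a development team would keep in its test suite.

```python
import re

# Constructed stand-in for a template engine: replaces {{ name }} with
# context[name] in a single pass. Illustration only, not BeyondTrust's engine.
TAG = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template: str, context: dict) -> str:
    """Substitute {{ name }} tags from context; unknown names render empty.
    re.sub is single-pass, so substituted values are never re-scanned."""
    return TAG.sub(lambda m: str(context.get(m.group(1), "")), template)


def render_chat_vulnerable(message: str, context: dict) -> str:
    """CWE-94 pattern: untrusted chat text is spliced into the template SOURCE,
    so any {{ ... }} the sender typed is interpreted as template code."""
    template = "<div class='msg'>" + message + "</div>"
    return render(template, context)


def render_chat_fixed(message: str, context: dict) -> str:
    """Hardened: the template is a constant and the message is passed as DATA,
    so it reaches the output only through substitution and is never parsed."""
    template = "<div class='msg'>{{ message }}</div>"
    return render(template, {**context, "message": message})


def escape_template_syntax(text: str) -> str:
    """Alternative fix when text must be spliced into template source: neutralise
    the engine's delimiters (HTML numeric entities here) before concatenation."""
    return text.replace("{", "&#123;").replace("}", "&#125;")


def render_chat_escaped(message: str, context: dict) -> str:
    """Same concatenation as the vulnerable version, but with delimiters escaped."""
    template = "<div class='msg'>" + escape_template_syntax(message) + "</div>"
    return render(template, context)


def template_syntax_is_interpreted(render_fn) -> bool:
    """Regression check for a renderer: feed a message containing a tag that
    names a server-side variable; a safe renderer must echo the tag verbatim."""
    context = {"canary": "CANARY-LEAKED"}
    out = render_fn("{{ canary }}", context)
    return "CANARY-LEAKED" in out
```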

Mitigation

As of June 16, 2025, a patch that remediates this vulnerability has been applied to all RS/PRA cloud instances.

On-premises RS/PRA customers whose instance is not subscribed to automatic updates in the /appliance interface should apply the patch manually.

Remote Support

If the patch cannot be applied immediately, the following Public Site options help reduce exposure to this vulnerability:

  • Enable SAML authentication for the Public Portal

  • Enforce session key usage by:

    • Ensuring Session Keys are enabled

    • Disabling the Representative List

    • Disabling the Issue Submission Survey

Privileged Remote Access

If you are on an affected version, apply the appropriate patch.

Affected Versions

Product                    Version
Remote Support             24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1
Privileged Remote Access   24.2.2 to 24.2.4, 24.3.1 to 24.3.3, and 25.1.1

Fixed Versions

Product                    Version
Remote Support             24.2.2 to 24.2.4 with HELP-10826-2 Patch
Remote Support             24.3.1 to 24.3.3 with HELP-10826-2 Patch
Remote Support             24.3.4 and any future 24.3.x release
Remote Support             25.1.1 with HELP-10826-1 Patch
Privileged Remote Access   25.1.2 and above
Privileged Remote Access   24.2.2 to 24.2.4 with HELP-10826-2 Patch
Privileged Remote Access   24.3.1 to 24.3.3 with HELP-10826-2 Patch
Privileged Remote Access   25.1.1 with HELP-10826-1 Patch

Acknowledgements

We would like to thank Jorren Geurts of Resillion for reporting this vulnerability responsibly.