BeyondTrust warns of pre-auth RCE in Remote Support software www.bleepingcomputer.com/news/secu…

BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers.

Remote Support is BeyondTrust’s enterprise-grade remote support solution that helps IT support teams troubleshoot issues by remotely connecting to systems and devices, while Privileged Remote Access acts as a secure gateway and ensures that users can only access the specific systems and resources they’re authorized to use.

Tracked as CVE-2025-5309, this Server-Side Template Injection vulnerability was discovered by Jorren Geurts of Resillion in the chat feature of BeyondTrust RS/PRA.