BeyondTrust reports vulnerability enabling pre-authentication remote code execution

BeyondTrust has released an update to address a high-severity Server-Side Template Injection vulnerability in its Remote Support and Privileged Remote Access solutions that enables unauthenticated attackers to achieve remote code execution on vulnerable servers. 

The flaw is tracked as CVE-2025-5309 (CVSS score 8.6), affects the chat feature within both enterprise products. It stems from improper input sanitization within the template engine used by BeyondTrust's Remote Support and Privileged Remote Access components. The affected systems fail to adequately escape user-supplied input intended for the template engine, creating a pathway for Server-Side Template Injection attacks that can result in arbitrary code execution within the server context.

Exploitation does not require authentication when targeting Remote Support instances. 

Affected platforms

• Remote Support versions 24.2.2 through 24.2.4, 24.3.1 through 24.3.3, and version 25.1.1.
• Privileged Remote Access versions 24.2.2 through 24.2.4, 24.3.1 through 24.3.3, and version 25.1.1. 

BeyondTrust has already implemented patches for all Remote Support and Privileged Remote Access cloud customer deployments as of June 16, 2025, automatically protecting cloud-hosted instances from exploitation. 

On-premises customers must manually apply the available security patches, if their instances are not configured for automatic updates through the appliance interface. The company has released specific patch identifiers for different version ranges, including HELP-10826-2 Patch for versions 24.2.2 through 24.3.3 and HELP-10826-1 Patch for PRA version 25.1.1.

For organizations unable to immediately deploy the security patches, BeyondTrust suggests mitigation through SAML authentication for the Public Portal, which adds an authentication layer and disabling both the Representative List and Issue Submission Survey features.