What vulnerabilities were discovered in BeyondTrust's systems?

Two vulnerabilities were discovered: CVE-2024-12356 with a CVSS score of 9.8 and CVE-2024-12686 with a CVSS score of 6.6. Both vulnerabilities have been confirmed by CISA to be actively exploited.

When was the security incident first discovered?

BeyondTrust discovered a compromise of their Remote Support SaaS instances in late December 2024.

What major organization was affected by these vulnerabilities?

The US Treasury Department was compromised in early January 2025 due to these vulnerabilities. CISA has confirmed that while the Treasury was affected, there is no evidence of impact on other federal agencies.

How widespread is BeyondTrust's software deployment?

BeyondTrust serves approximately 20,000 customers, including 75 of the Fortune 100 companies, making the potential impact of these vulnerabilities significant across government and enterprise environments.

What actions should users take?

Users are advised to patch their systems immediately to protect against these actively exploited vulnerabilities.

Attack

CISA confirms exploitation of two BeyondTrust flaws, urges patching

published: Jan. 14, 2025

Take action: If you are running on-prem versions of BeyondTrust products, patch them ASAP. There is active exploitation of BeyondTrust flaws, so not the best time to postpone.

Learn More

BeyondTrust, a major security software provider serving approximately 20,000 customers including 75 of the Fortune 100, has been at the center of a security incident that led to the discovery of two vulnerabilities. Now CISA confirms active exploitation of both flaws

The flaws are CVE-2024-12356 (CVSS score 9.8) and CVE-2024-12686 (CVSS score 6.6). BeyondTrust discovers compromise of Remote Support SaaS instances in late December 2024.

The vulnerabilities gained significant attention following a cyberattack on the US Treasury Department in early January 2025.

CISA has confirmed that while the Treasury Department was compromised, there is no evidence of impact on other federal agencies. However, given BeyondTrust's widespread use across government and enterprise environments, the potential risk remains significant.

Users are advised to patch their systems immediately.

CISA confirms exploitation of two BeyondTrust flaws, urges patching

Read More
CISA reports actively exploited flaw in Craft CMS
Sansec security researchers report Magento flaw actively exploited …
TrueConf Zero-Day Exploited in Targeted Government Attacks
CISA warns of critical Fortinet RCE actively exploited
Security researchers warn of actively exploited Ghostcript RCE …