The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 21 Aug 2025 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*
cpe:2.3:a:beyondtrust:privileged_remote_access:25.1.1:*:*:*:*:*:*:*
cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*
cpe:2.3:a:beyondtrust:remote_support:25.1.1:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00434}

epss

{'score': 0.00301}


Mon, 16 Jun 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 16 Jun 2025 16:30:00 +0000

Type Values Removed Values Added
Description The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
Title Remote Support & Privileged Remote Access server side template injection
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: BT

Published:

Updated: 2025-06-19T03:55:06.361Z

Reserved: 2025-05-28T17:50:50.656Z

Link: CVE-2025-5309

cve-icon Vulnrichment

Updated: 2025-06-16T16:38:06.701Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-16T17:15:29.853

Modified: 2025-08-21T20:36:00.047

Link: CVE-2025-5309

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-06-20T13:55:53Z