A critical vulnerability has been discovered in the Privileged Remote Access (PRA) and Remote Support (RS) products that can allow an unauthenticated attacker to inject commands that are run as a site user.
https://www.theregister.com/2025/02/14/postgresql_bug_treasury/
https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html
https://www.securityweek.com/cisa-warns-of-second-beyondtrust-vulnerability-exploited-in-attacks/
https://www.darkreading.com/threat-intelligence/thousands-of-buggy-beyondtrust-systems-still-exposed
Published: 2024-12-17
Updated: 2025-03-10
Named Vulnerability: BeyondTrust Remote Support SaaS Zero-Day
Known Exploited Vulnerability (KEV)
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.935
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability Being Monitored