A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
https://www.theregister.com/2025/02/14/postgresql_bug_treasury/
https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html
https://www.securityweek.com/cisa-warns-of-second-beyondtrust-vulnerability-exploited-in-attacks/
https://www.darkreading.com/threat-intelligence/thousands-of-buggy-beyondtrust-systems-still-exposed
Published: 2024-12-17
Updated: 2025-03-10
Known Exploited Vulnerability (KEV)
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.9301
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability Being Monitored