CVE-2025-0217

High CVSS: 7.3

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.

Vendor

Beyondtrust

Product

Privileged Remote Access

CWE

CWE-287

Yayın Tarihi

2025-05-05 17:18:46

Güncelleme

2025-11-03 20:17:05

Source Identifier

13061848-ea10-403d-bd75-c83a022c2891

KEV Date Added

Kategoriler

CWE-287 Privileged Remote Access HIGH Beyondtrust 2025

Referanslar

https://www.beyondtrust.com/trust-center/security-advisories/bt25-03 http://seclists.org/fulldisclosure/2025/May/1

Benzer Kayıtlar

Critical

CVE-2026-1731

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-auth…

High

CVE-2025-2297

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challe…

High

CVE-2025-6250

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypass…

High

CVE-2025-5309

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template I…

High

CVE-2025-0889

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows i…