Description

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to Server-Side Template Injection, which can lead to remote code execution.

PUBLISHED Reserved 2025-05-28 | Published 2025-06-16 | Updated 2025-06-19 | Assigner BT




HIGH: 8.6 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status
unaffected

24.2.2 (custom)
affected

24.3.1 (custom)
affected

25.1.1 (custom)
affected

Default status
unaffected

24.2.2 (custom)
affected

24.3.1 (custom)
affected

25.1.1 (custom)
affected

Credits

Jorren Geurts of Resillion (finder)

References

www.beyondtrust.com/trust-center/security-advisories/bt25-04

cve.org (CVE-2025-5309)

nvd.nist.gov (CVE-2025-5309)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.