Attacks on BeyondTrust Remote Support and Privileged Remote Access possible
Two remote support solutions from BeyondTrust are vulnerable. Security updates close a critical gap.
(Image: AFANASEV IVAN/Shutterstock.com)
If attackers successfully exploit a security vulnerability in BeyondTrust Remote Support or Privileged Remote Access, they can fully compromise systems. Current versions are protected against possible attacks. So far, there are no indications that attackers are already exploiting the vulnerability.
The Danger
A warning message indicates that Remote Support up to and including version 25.3.1 and Privileged Remote Access up to and including version 24.3.4 are vulnerable. The developers state that they have secured Remote Support 25.3.2 and Privileged Remote Access 25.1.1. For SaaS customers, the security updates have already been installed. Admins of on-premises instances must install the patches themselves. Support for Remote Support prior to 21.3 and Privileged Remote Access prior to 22.1 has expired, and there are no more security patches. An upgrade is necessary here.
Videos by heise
Admins should not delay patching, as attackers can use the vulnerability (CVE-2026-1731, “critical”) to push malicious code onto systems. This works for remote attackers without authentication using special client requests.
(des)
