BeyondTrust Remote Support and Privileged Remote Access Server-Side Template Injection Vulnerability Leading to Remote Code Execution

A server-side template injection vulnerability has been identified in the chat feature of BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). This vulnerability allows for remote code execution, as the applications do not properly escape user input intended for the template engine. In the case of Remote Support, exploitation can occur without authentication.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the affected application is running.

Remediation

A patch has been applied to all cloud customers of Remote Support and Privileged Remote Access as of June 16, 2025. On-premise customers should apply the patch if their instance is not subscribed to automatic updates. For Remote Support Public Site, SAML authentication can be enabled, and session key usage can be enforced by ensuring session keys are enabled, disabling the representative list, and disabling the issue submission survey. Privileged Remote Access users on an affected version should apply the appropriate patch.