BeyondTrust Remote Support
cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*
- <= 25.3.1
This vulnerability is being actively exploited in the wild.
A critical pre-authentication remote code execution vulnerability has been identified in BeyondTrust Remote Support (RS) versions through 25.3.1 and in Privileged Remote Access (PRA) versions through 24.3.4. This vulnerability allows an unauthenticated remote attacker to execute operating system commands in the context of the site user by sending specially crafted requests. Successful exploitation requires no authentication or user interaction, potentially leading to system compromise, unauthorized access, data exfiltration, and service disruption.
Exploitation of this vulnerability allows for remote code execution on the affected system, with executed commands running in the context of the site user.
A patch has been applied to all Remote Support SaaS and Privileged Remote Access SaaS customers as of February 2, 2026. Self-hosted customers of Remote Support and Privileged Remote Access should manually apply the patch if their instance is not subscribed to automatic updates. Customers on Remote Support versions older than 21.3 or on Privileged Remote Access versions older than 22.1 will need to upgrade to a newer version to apply this patch. Self-hosted customers of PRA may also upgrade to version 25.1.1 or a newer version to remediate this vulnerability.
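The version and remediation rules above can be turned into a quick triage over an appliance inventory. The following is an added example, not BeyondTrust code: the hostnames, inventory layout, and result labels are constructed for illustration, and only the version thresholds come from this advisory.

```python
import re

# Thresholds taken from the advisory text above.
# last_affected: highest version listed as vulnerable.
# min_patchable: oldest version the patch can be applied to directly.
RULES = {
    "RS": {"last_affected": (25, 3, 1), "min_patchable": (21, 3, 0)},
    "PRA": {"last_affected": (24, 3, 4), "min_patchable": (22, 1, 0)},
}

# Constructed sample inventory: (hostname, product, version, is_saas)
INVENTORY = [
    ("support-01.example.internal", "RS", "25.3.1", False),
    ("support-old.example.internal", "RS", "21.2.3", False),
    ("pra-01.example.internal", "PRA", "24.3.4", False),
    ("pra-new.example.internal", "PRA", "25.1.1", False),
    ("tenant.example.invalid", "RS", "24.1.1", True),
]


def parse_version(text):
    """Turn '25.3.1' or '21.3' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def triage(product, version, saas=False):
    """Return the action this advisory implies for one deployment."""
    rule = RULES[product.upper()]  # KeyError for products outside the advisory
    if saas:
        return "vendor-patched"  # SaaS instances were patched by the vendor
    v = parse_version(version)
    if v > rule["last_affected"]:
        return "not-in-affected-range"
    if v < rule["min_patchable"]:
        return "upgrade-then-patch"  # too old to take the patch as-is
    # This check cannot see whether the patch is already installed;
    # confirm that on the appliance itself.
    return "apply-patch"


if __name__ == "__main__":
    for host, product, version, saas in INVENTORY:
        print(f"{host:32} {product:4} {version:8} {triage(product, version, saas)}")
```

An "apply-patch" result means the version is in the affected range, so treat the host as exposed until the patch is confirmed on it.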