BeyondTrust Vulnerability Exploited — Remote Access Tools in the Crosshairs

Security researchers have identified active exploitation of a critical vulnerability affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) solutions. The flaw, rated CVSS 9.9, allows unauthenticated remote code execution via specially crafted requests. Attackers have been observed extracting session values and establishing WebSocket connections to gain control. A significant volume of reconnaissance activity originated from a commercial VPN-linked IP address, suggesting rapid weaponisation. BeyondTrust has released patches, and organisations are strongly advised to update immediately and review logs for suspicious activity.

When your security tool becomes the security risk, things get uncomfortable.
Researchers have confirmed active exploitation of a critical vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) platforms — tools commonly used to manage and secure remote connections.

What’s the Problem?
The vulnerability carries a near-maximum severity score of 9.9 and allows unauthenticated remote code execution. In simple terms, attackers can potentially send specially crafted requests to a vulnerable system and execute code without logging in first.

That’s not a feature.

What Attackers Are Doing
Observed attacks involve:
• Extracting session information
• Establishing WebSocket connections
• Attempting to gain remote access
Researchers also noted a significant volume of scanning activity linked to an IP address associated with a commercial VPN provider — suggesting automated or opportunistic exploitation.

Why It’s Serious
Remote access tools are designed to control critical systems. If compromised, they can provide attackers with direct pathways into sensitive environments.
This isn’t just a website bug — it’s potentially a gateway into infrastructure.

What Organisations Should Do
• Update BeyondTrust RS and PRA immediately
• Review access logs for unusual session activity
• Restrict external access where possible
• Implement additional monitoring on privileged access systems
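
For the log review step, here is one way to triage access logs for the two behaviours described above: heavy scanning from a single source and WebSocket connections from unexpected addresses. This is an added example, not BeyondTrust code or tooling. The combined log format (from a reverse proxy in front of the appliance), the expected-network list, the threshold and the placeholder paths are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: a reverse proxy in front of the appliance writes combined-format logs.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Assumption: networks that remote-access sessions are expected to come from.
EXPECTED = [ipaddress.ip_network("10.0.0.0/8")]
SCAN_PATHS = 5  # distinct paths from one source treated as scanning; tune locally

def expected_source(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # hostname or garbage in the client field: keep it in scope
    return any(addr in net for net in EXPECTED)

def triage(lines):
    """Map each unexpected source IP to the reasons it deserves review."""
    paths, upgrades = defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m or expected_source(m.group(1)):
            continue  # unparseable line, or a source we expect sessions from
        ip, path, status = m.groups()
        paths[ip].add(path.split("?", 1)[0])  # ignore query strings when counting
        if status == "101":  # 101 Switching Protocols: a WebSocket upgrade succeeded
            upgrades[ip] += 1
    findings = defaultdict(list)
    for ip, seen in paths.items():
        if len(seen) >= SCAN_PATHS:
            findings[ip].append("path-scan")
        if upgrades[ip]:
            findings[ip].append("websocket-upgrade")
    return dict(findings)

# Constructed sample log lines (documentation address ranges, placeholder paths).
FMT = '{} - - [01/Jan/2026:00:00:00 +0000] "GET {} HTTP/1.1" {} 0 "-" "-"'
SAMPLE = [FMT.format("203.0.113.50", f"/placeholder/{i}", 404) for i in range(6)]
SAMPLE += [FMT.format(*e) for e in [("203.0.113.50", "/placeholder/ws", 101),
                                     ("192.0.2.9", "/placeholder/ws", 101),
                                     ("10.1.2.3", "/placeholder/ws", 101),
                                     ("198.51.100.7", "/", 200)]] + ["not a log line"]

if __name__ == "__main__":
    for ip, reasons in sorted(triage(SAMPLE).items()):
        print(ip, ",".join(reasons))
```

A source flagged for both reasons is the first one to compare against the appliance's own session records.
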
Security platforms often sit at the centre of enterprise networks. When one of them develops a flaw, attackers notice quickly.
If you use BeyondTrust, this is one update you don’t want to postpone.