BeyondTrust - Secure Remote Access and Privileged Access Management

Advisory ID: BT25-03

  • CVSSv4 score: 7.3

  • CVSSv4 Vector: AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

  • Severity: High

  • Issue Date: 2025-05-05

  • Updated On: 2025-05-05

  • CVE: CVE-2025-0217

  • CWE: CWE-287

  • Synopsis: Privileged Remote Access – Authentication Bypass

  • Impacted Product: Privileged Remote Access

Summary

A vulnerability has been discovered in Privileged Remote Access (PRA) that allows a local authenticated attacker to connect to an active ShellJump session.

Details

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.

Mitigation

Customers with the “Open Shell Jump Session with an External Tool” option disabled are not affected. Additionally, sessions initiated from Windows systems are not affected.

Affected Versions

Product                     Version
Privileged Remote Access    Prior to 25.1

Fixed Versions

Product                     Version
Privileged Remote Access    25.1 and later

Acknowledgements

We would like to thank Paul Szabo of the University of Sydney for reporting this vulnerability responsibly.