Critical Vulnerability Discovered in BeyondTrust Products
🔍 Critical vulnerability in BeyondTrust software exposes thousands of instances. A severe vulnerability, CVE-2024-12356, has been identified in BeyondTrust’s Privileged Remote Access and Remote Support products, allowing unauthenticated attackers to execute commands as site users. As of January 6, 2025, approximately 13,548 instances of the affected software were found online, a significant increase from previous reports. This vulnerability, with a CVSS score of 9.8, was added to CISA’s list of known exploited vulnerabilities on December 19, 2024, following incidents involving unauthorized access linked to compromised API keys. BeyondTrust has released patches for supported versions, but the security investigation is still assessing the full impact of these breaches.
