Skip to main content

Remote Support CVE-2025-5309

| EUVDEUVD-2025-18420 CRITICAL
Code Injection (CWE-94)
2025-06-16 13061848-ea10-403d-bd75-c83a022c2891
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18420
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
CVE Published
Jun 16, 2025 - 17:15 nvd
CRITICAL 9.8

DescriptionCVE.org

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.

AnalysisAI

Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Remote Access (PRA) that enables unauthenticated remote code execution with a critical CVSS score of 9.8. The vulnerability affects the chat messaging functionality across both products with no authentication or user interaction required, allowing attackers to execute arbitrary code on affected systems. This is a critical severity issue requiring immediate patching.

Technical ContextAI

The vulnerability exists in the chat feature's template processing mechanism, specifically where user-supplied input is passed directly to a server-side template engine without proper sanitization or validation. This falls under CWE-94 (Improper Control of Generation of Code). Template injection vulnerabilities occur when an application uses a templating engine (such as Jinja2, Velocity, FreeMarker, or similar) to render user-controlled data without escaping or sandboxing. In this case, attackers can inject malicious template syntax (e.g., {{7*7}}, ${system.exec()}, or similar expressions depending on the template engine) through chat messages, which are then evaluated server-side, leading to arbitrary code execution. The vulnerability is network-accessible (AV:N) with low attack complexity (AC:L) and requires no privileges (PR:N), making it trivially exploitable.

RemediationAI

  1. Apply the latest security patch released by Citrix for both Remote Support and Privileged Remote Access products immediately. 2. If immediate patching is not possible, disable or restrict access to the chat feature at the network level using firewall rules or WAF policies until patched. 3. Implement network segmentation to limit exposure of RS/PRA instances to trusted networks only. 4. Monitor for exploitation attempts by checking chat message logs for template injection payloads (e.g., suspicious ${}, {{}}, <%, or expression syntax in chat messages). 5. Review access logs for unusual chat API endpoint requests. 6. Consider disabling the chat feature entirely in non-critical deployments pending patch deployment. Patch version information and detailed vendor advisories should be obtained directly from Citrix Security Advisory (CSA) bulletin corresponding to this CVE.
CVE-2026-1731 CRITICAL POC
9.8 Feb 06

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authenticati

CVE-2015-0935 HIGH POC
7.5 May 25

Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to

CVE-2024-12356 CRITICAL POC
9.8 Dec 17

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which ca

CVE-2023-4310 CRITICAL
9.8 Sep 05

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injectio

CVE-2026-40139 CRITICAL
9.2 Jul 06

Authentication bypass in BeyondTrust Remote Support (and the related Privileged Remote Access product) lets an unauthent

CVE-2026-40138 CRITICAL
9.2 Jul 06

Pre-authentication access-control bypass in BeyondTrust Remote Support and Privileged Remote Access appliances lets a ne

CVE-2026-40140 HIGH
8.7 Jul 06

Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote a

CVE-2026-40141 HIGH
8.5 Jul 06

Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and

CVE-2017-5996 HIGH
7.8 Oct 26

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijac

CVE-2024-12686 HIGH
7.2 Dec 18

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacke

Share

CVE-2025-5309 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy