Key Information

Advisory ID: BT25-03
CVSSv4 Score: 7.3
Severity: High
Issue Date: 2025-05-05
Updated On: 2025-05-05
CVE: CVE-2025-0217
CWE: CWE-287
Synopsis: Privileged Remote Access – Authentication Bypass
Impacted Product: Privileged Remote Access

Summary

A vulnerability has been discovered in Privileged Remote Access (PRA) that allows a local authenticated attacker to connect to an active Shell Jump session.

Details

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a Shell Jump session that was initiated with external tools, allowing unauthorized access to connected sessions.

Mitigation

Customers with the "Open Shell Jump Session with an External Tool" option disabled are not affected. Additionally, sessions initiated from Windows systems are not affected.

Affected Versions

Fixed Versions

References

https://www.cve.org/cverecord?id=CVE-2025-0217
https://nvd.nist.gov/vuln/detail/CVE-2025-0217
https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0022249

Acknowledgements

We would like to thank Paul Szabo of the University of Sydney for reporting this vulnerability responsibly.