关联漏洞
描述
🚨 CVE-2025-5309 Multi-Method SSTI Scanner | BeyondTrust Detection Tool by Issam
介绍
# CVE-2025-5309 Scanner
🚨 **CVE-2025-5309**: Server-Side Template Injection in Remote Support and Privileged Remote Access Chat Feature
## 📰 CVE Overview
A vulnerability in BeyondTrust Remote Support and Privileged Remote Access allows Server-Side Template Injection (SSTI), potentially leading to remote code execution via the chat feature.
- **CVE**: CVE-2025-5309
- **Risk**: High (Remote Code Execution)
- **Credit**: Jorren Geurts – [resillion.com](https://resillion.com/latest-news/be)
- **Searchable Services**: Over 1.2M services found on [hunter.how](https://hunter.how/list?searchVal=BeyondTrust)
- **Query**:
```
product.name="BeyondTrust Remote Support"||product.name="BeyondTrust Privileged Remote Access"
```
## 🛡️ How to Fix
- Update to the latest secure version from [BeyondTrust](https://beyondtrust.com/trust-center/security-advisories)
- Disable or restrict public access to the chat system
- Monitor and restrict template processing in chat input
## 🔍 Usage
Install dependencies:
```bash
pip install -r requirements.txt
```
Run the scanner:
```bash
python3 scanner.py --query "BeyondTrust"
```
## 💡 Example Output
```
🚨 CVE-2025-5309 Scanner by Issam junior 🚨
[+] Searching for: BeyondTrust ...
[!] Possible vulnerable service found: 192.168.0.55:443
```
## 📌 Disclaimer
This tool is for **educational and security research purposes only**.
文件快照
[4.0K] /data/pocs/da87c6eba95a77c78cbc177a2f7daabee70bc02d
├── [ 119] LICENSE
├── [1.4K] README.md
├── [ 9] requirements.txt
└── [3.1K] scanner.py
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。