BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass

A significant security vulnerability has been identified in BeyondTrust’s Privileged Remote Access (PRA) solution, posing a risk to organizations relying on this technology for managing privileged sessions. The advisory reveals a local authentication bypass, tracked as CVE-2025-0217.

The vulnerability allows a local authenticated attacker to compromise the security of active ShellJump sessions. Specifically, it enables an attacker to “view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions“. This means that malicious actors with local access to a system running a vulnerable version of PRA could potentially hijack privileged sessions, gaining unauthorized control over critical systems and data.

The ability to bypass local authentication and gain unauthorized access to privileged sessions represents a severe security risk. With a CVSS score of 7.3, this vulnerability is classified as high severity, indicating a significant potential for exploitation and damage. Organizations using affected versions of PRA must take immediate action to mitigate this threat.

The fixed version is 25.1 and later. Upgrading to this version will eliminate the vulnerability and secure Privileged Remote Access deployments.

BeyondTrust acknowledges the responsible disclosure of this vulnerability by Paul Szabo of the University of Sydney.

Organizations utilizing BeyondTrust Privileged Remote Access are strongly advised to verify their current version and upgrade to version 25.1 or later immediately.

Related Posts:

• CVE-2024-12356 (CVSS 9.8): Critical Vulnerability in BeyondTrust PRA and RS Enables Remote Code Execution
• BeyondTrust Privilege Management for Windows Vulnerability Allows Local Privilege Escalation
• CISA Warns of Active Exploitation of Critical Flaws in BeyondTrust and Qlik Sense
• Okta’s Security Breach Puts Businesses on Alert