Remote Support / Privileged Remote Access – BT26-02 critical vulnerability patch for RS and PRA
BeyondTrust have released a Critical Vulnerability Patch. All Privileged Remote Access and Remote Support customers, particularly those with on-prem installations, should review details and apply mitigations where applicable.
Affected Version:
> Privileged Remote Access (PRA) version 24.3.4 and lower
> Remote Support 25.3.1 and lower
Patch details:
For SaaS Implementation:
> Patch BT26-02-PRA or BT26-02-RS has been applied to all SaaS instances as of February 2, 2026, that remediates this vulnerability.
For On-Premise Implementation:
> The vulnerability can be mitigated by upgrading to 25.1.1
BeyondTrust: CVE-2025-2297 & CVE-2025-6250
We would like to inform you about two recently published high severity vulnerabilities in Privilege Management for Windows.
Summary
· CVE-2025-2297: This high severity vulnerability in Privilege Management for Windows allows for a local authenticated attacker to elevate privileges.
· CVE-2025-6250: This high severity vulnerability in Privilege Management for Windows allows for a local authenticated attacker with elevated privileges to bypass anti-tamper protections.
Who May Be Impacted
Privilege Management for Windows customers on the versions prior to 25.4.270.0
Resolution and Mitigation
Both vulnerabilities have been addressed in Privilege Management for Windows 25.4.270.0. At the time of the CVE’s release on July 28th, all cloud tenants will have been upgraded to 25.4. Customers can push version 25.4.270.0 to clients to remediate this vulnerability.
Want to dive deeper? Check it out here:
