CISA: Second BeyondTrust Vulnerability Added to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to patch a command injection flaw tracked as CVE-2024-12686, otherwise known as BT24-11, and has added it to the Known Exploited Vulnerabilities (KEV) Catalog.
The medium-severity security bug was found as a part of BeyondTrust's Remote Support SaaS Service security investigation, which was launched after a major data breach at the US Treasury Department. Silk Typhoon, a Chinese hacking group, was reportedly responsible for the December 2024 cyberattack, in which threat actors were able to gain credentials to Treasury workstations through the third-party vendor and then steal data. On Dec. 18, BeyondTrust reported identifying BT24-11 within its self-hosted and cloud Remote Support and Privileged Remote Access products, after reporting BT24-10 just two days prior.
On Jan. 6, in its latest update, BeyondTrust reported that its forensic investigation is nearly complete and that all software-as-a-service instances of BeyondTrust Remote Support have been fully patched with no new identified victims.
"All cloud instances have been patched for this vulnerability," BeyondTrust stated in the update. "We have also released a patch for self-hosted versions."
CISA stated that the vulnerability "can be exploited by an attacker with existing administrative privileges to inject commands and run as a site user." That would allow a remote attacker to execute underlying operating system commands.
Extension Poisoning Campaign Highlights Gaps in Browser Security
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
HighPath Traversal
MediumXSLT Injection
MediumHTTP Parameter Override
MediumRelative Path Confusion
Free online web security scanner