Welcome! Our Trust Portal is dedicated to showcasing our unwavering commitment to security, privacy, and compliance. Here, you can explore our robust security posture and access comprehensive documentation about our security program to streamline the security review process.
Designed to enhance transparency and instill confidence, our Trust Portal helps you manage risks effectively while using our software. By adhering to stringent security requirements, we strive to minimize cyber threats and uphold the highest standards of security and integrity.
Security and Trust Reports
BeyondTrust Security Advisory: React and Next.js Vulnerability
In December 2025, BeyondTrust became aware of a critical vulnerability affecting React Server Components and frameworks such as Next.js, classified as CVE-2025-55182 (commonly referred to as “React2Shell”). This vulnerability could allow remote code execution under certain conditions.
Our team immediately initiated an investigation to assess any potential impact on BeyondTrust systems or data. Using our suite of security tools and audit capabilities, we have found no evidence of compromise. Additionally, we have applied all vendor-recommended patches within our environment and implemented enhanced monitoring.
We will continue to monitor the situation and provide updates as needed. For more information, refer to the official guidance from React and Next.js, as well as any Cybersecurity & Infrastructure Security Agency (CISA) Alerts & Advisories.
Gainsight Incident Monitoring
BeyondTrust is actively monitoring recent threat activity targeting SaaS supply chains, including the Gainsight-Salesforce compromise. In accordance with our incident response protocols, we immediately initiated an internal investigation, which has produced no evidence of impact to BeyondTrust systems or data. We continue to maintain heightened vigilance and to monitor for any anomalous activity.
Key Observations
- Threat actors are leveraging social engineering and OAuth abuse in SaaS integrations.
- No indicators of compromise or unauthorized access detected in BeyondTrust environments.
- BeyondTrust continues to actively maintain comprehensive detection for behavioral anomalies such as OAuth token misuse and suspicious API calls.
Customer Impact Assessment
- No observed impact to BeyondTrust customers.
- All customer-facing services remain fully operational.
- No evidence of unauthorized access to BeyondTrust data or systems.
- BeyondTrust will promptly update customers if the situation changes.
BeyondTrust Security Advisory: Remote Support and Privileged Remote Access Vulnerability
In February 2026, BeyondTrust identified a critical pre-authentication remote code execution vulnerability affecting BeyondTrust Remote Support and certain older versions of Privileged Remote Access, classified as CVE-2026-1731. Self-hosted customers should apply the appropriate patch (BT26-02-RS or BT26-02-PRA) or upgrade to a supported version as outlined in our Knowledge Base article.
For up-to-date information, please refer to the BeyondTrust Security Advisories.
F5 Networks Security Incident - No Impact to BeyondTrust
In mid-October 2025, BeyondTrust became aware of a security incident disclosed by F5 Networks involving unauthorized access by a nation-state threat actor to internal systems, including their BIG-IP product development environment.
Our team promptly reviewed our infrastructure and can confirm that we do not utilize any F5 technologies. Based on this assessment, we are not impacted by this incident.
Out of an abundance of caution, we recommend:
- Notifying supply chain partners to ensure awareness and evaluation of any potential downstream impacts
- Continuing to monitor threat intelligence sources for indicators of compromise related to this disclosure
- Maintaining heightened vigilance across your environment
We remain committed to transparency and will provide updates should new information become available. For more details, please refer to the advisory posted by F5: https://www.f5.com/company/blog/f5-security-incident-update.
Salesforce / Drift Security Incident
For details regarding the Salesforce/Drift security incident, please refer to the following link: Incident Summary.