Trust Portal


Welcome! Our Trust Portal is dedicated to showcasing our unwavering commitment to security, privacy, and compliance. Here, you can explore our robust security posture and access comprehensive documentation about our security program to streamline the security review process.

Designed to enhance transparency and instill confidence, our Trust Portal helps you manage risks effectively while using our software. By adhering to stringent security requirements, we strive to minimize cyber threats and uphold the highest standards of security and integrity.

SOC 2
ISO/IEC 27001:2022
ISO/IEC 27001 SoA
ISO/IEC 27017
ISO/IEC 27018
ISO/IEC 27701
CISA: Secure-by-Design Pledge
DoD IL5
FedRAMP High
FedRAMP Moderate
TX-RAMP
IRAP
ProcessUnity
FIPS 140-2
GDPR
EU-US DPF
Swiss-US DPF
UK Extension to EU-US DPF
CCPA
CPRA
PCI DSS
TX-RAMP Level 2

Security and Trust Reports

Featured Documents

REPORTS
Pentest Summary Report

Trust Portal Updates

BeyondTrust Security Advisory: React and Next.js Vulnerability

Incidents

In December 2025, BeyondTrust became aware of a critical vulnerability affecting React Server Components and frameworks such as Next.js, classified as CVE-2025-55182 (commonly referred to as “React2Shell”). This vulnerability could allow remote code execution under certain conditions.  

Our team immediately initiated an investigation to assess any potential impact on BeyondTrust systems or data. Using our suite of security tools and audit capabilities, we have found no evidence of compromise. Additionally, we have applied all vendor-recommended patches within our environment and implemented enhanced monitoring. 

We will continue to monitor the situation and provide updates as needed. For more information, refer to the official guidance from React and Next.js, as well as any Cybersecurity & Infrastructure Security Agency (CISA) Alerts & Advisories.

Gainsight Incident Monitoring

Incidents

BeyondTrust is actively monitoring recent threat activity targeting SaaS supply chains, including the Gainsight-Salesforce compromise. In accordance with our incident response protocols, we immediately initiated an internal investigation, which has produced no evidence of impact to BeyondTrust systems or data. We continue to maintain heightened vigilance and to monitor for any anomalous activity.
 

Key Observations

  • Threat actors are leveraging social engineering and OAuth abuse in SaaS integrations.
  • No indicators of compromise or unauthorized access detected in BeyondTrust environments.
  • BeyondTrust continues to actively maintain comprehensive detection for behavioral anomalies such as OAuth token misuse and suspicious API calls.
     

Customer Impact Assessment

  • No observed impact to BeyondTrust customers.
  • All customer-facing services remain fully operational.
  • No evidence of unauthorized access to BeyondTrust data or systems.
  • BeyondTrust will promptly update customers if the situation changes.

F5 Networks Security Incident - No Impact to BeyondTrust

Incidents

In mid-October 2025, BeyondTrust became aware of a security incident disclosed by F5 Networks involving unauthorized access by a nation-state threat actor to internal systems, including their BIG-IP product development environment. 

Our team promptly reviewed our infrastructure and can confirm that we do not utilize any F5 technologies. Based on this assessment, we are not impacted by this incident. 

Out of an abundance of caution, we recommend:

  • Notifying supply chain partners to ensure awareness and evaluation of any potential downstream impacts
  • Continuing to monitor threat intelligence sources for indicators of compromise related to this disclosure
  • Maintaining heightened vigilance across your environment 

We remain committed to transparency and will provide updates should new information become available. For more details, please refer to the advisory posted by F5: https://www.f5.com/company/blog/f5-security-incident-update.

Salesforce / Drift Security Incident

Incidents

For details regarding the Salesforce/Drift security incident, please refer to the following link: Incident Summary.

Security Advisory - Privilege Management for Windows Vulnerability

Vulnerabilities

We want to inform you of newly disclosed high-severity vulnerabilities affecting Privilege Management for Windows for customers on versions prior to 25.4.270.0.
 
Vulnerability ID: BT25-05 and BT25-06
 
Severity: High
 
Description:

  • CVE-2025-2297: A vulnerability in Privilege Management for Windows allows a local authenticated attacker to elevate privileges by manipulating user profile files and injecting illegitimate challenge response codes into the local user registry.
  • CVE-2025-6250: A vulnerability in Privilege Management for Windows allows a local attacker with elevated privileges to bypass anti-tamper protections by stopping the Defendpoint service using wmic.exe, enabling unauthorized privilege escalation.

Public Disclosure Date: 2025-07-28
 
Customers can push version 25.4.270.0 to clients to remediate these vulnerabilities; customers with auto-update enabled will be patched automatically. Please note that this is not related to a security incident and is a proactive message from BeyondTrust. There are no known exploits for these vulnerabilities.
 
For more information, refer to the official Security Advisory.

If you think you may have discovered a vulnerability, please send us a note.