Vendor scorecard
BeyondTrust
BeyondTrust security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: beyondtrust
Product families
1
Open in latest
5
Inferred — see methodology
Last disclosure
Feb 6, 2026
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Privileged Remote Access / PAMSecure Remote Access / VPN · Identity & Access Managementprivileged_remote_access, remote_support, privilege_management_for_windows | 4 | 5 | 2023-07-14MED |
02
Recent CVEs
3 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-1731(opens NVD record) | Critical | 9.8 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user. | Feb 6, 2026 |
| CVE-2025-6250(opens NVD record) | Medium | 6.7 | Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions. | Jul 28, 2025 |
| CVE-2025-2297(opens NVD record) | High | 7.8 | Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator. | Jul 28, 2025 |
3 CVEs · 1 product families