BeyondTrust Discovery Agent 25.3.0 release notes

December 11, 2025

This release is available by download from the BeyondTrust Client Portal.

🆕 New features

  • Added support for Kerberos-only networks by opening connections to the scan target with the hostname instead of the IP address.
  • Added a runtime option to control the default IPC mode for BTDiscovery.cmd.
  • Uses additional commands to improve the target Role on Linux systems (Red Hat and Debian based distros).
  • Added support for a new CP message to convert the authentication method to OAuth.
  • Added support for the PreferIPv4 option to BTExecClient.

⛔ Known issues

  • Windows PowerShell doesn't properly send the command line options for btdiscovery.cmd to the program. This command needs to be run in a standard Windows command shell.
  • There is an issue running the Discovery Agent with .NET Hosting 8.0.1. Either downgrade to 8.0.0 or upgrade to 8.0.2 or greater.
  • Sybase authentication is not supported for IPv6.
  • MySQL 9 on Linux enumeration is not supported at this time.

⚙️ Signatures

  • The MD5 signature is: 62bad7e5931a24a941e6b1c2b788c5a5
  • The SHA-1 signature is: 509a050dd8e9f42999418b7ca935ab19ea44d516
  • The SHA-256 signature is: af65340f31379040743113901480ced11bf1c63c23dbca225d44785ca332cc9b

🛠️ Issues resolved

| Description | Resolution |
| --- | --- |
| Scan data returns duplicates of domain users with different formats (that is, user\domain and user\domain). | The issue was resolved by normalizing the domain usernames reported back so that the format is consistent and only one backslash is included. |
| Domain groups aren't enumerating correctly when impersonating the scanning credential. | Domain groups now enumerate correctly. |
| Named Pipe handles are left open after a scan has been completed. They are not properly terminated by the remote agent. | The remote agent shutdown process works as expected. Named Pipes properly close when the service is shut down. |
| A user impersonation error causes MSSQL database instances to fail to enumerate. | MSSQL enumeration now properly impersonates the scanning credential to allow for complete database enumeration. |

📝 Requirements

  • There is a product dependency on having the .NET 8 Hosting package installed.
  • OAuth authorization is dependent on having BI version 24.2.0.
  • The Central Policy message to retrieve all scheduled scans is dependent on BI version 24.3.0 and higher.
  • Support for SSH Session encryption using the SHA1 cipher is removed. SHA256 or higher should be used.
  • Support for DSA encryption as an SSH authentication cipher has been removed.
  • Support for Windows 8 and Server 2012 as a scanner host is deprecated.
