
6 matches found

RedhatCVE
added 2025/11/07 5:33 p.m., 2 views

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account MFA verification step. This issue affects the following versions:...

CVSS 8.8, AI score 6.8, EPSS 0.00587
Exploits 0, References 1
Positive Technologies
added 2025/11/06 12:0 a.m., 2 views

PT-2025-45338

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.15.0 through 2025.3.5.0. Description: A flaw exists in Devolutions Server related to improper privilege management during the handling of pre-MFA cookies. A low-privileged authenticated user can potentially...

CVSS 8.8, AI score 6.5, EPSS 0.00587
Exploits 0, References 9
Positive Technologies
added 2025/11/06 12:0 a.m., 5 views

PT-2025-45339

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.15.0 through 2025.3.5.0. Description: A flaw in access control allows a View-only user to access sensitive, deeply nested data, specifically custom values within password lists, potentially leading to password...

CVSS 6.5, AI score 6.5, EPSS 0.00359
Exploits 0, References 4
OSV
added 2025/10/22 5:15 p.m., 4 views

CVE-2025-11958

An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request...

CVSS 5.1, AI score 5.8, EPSS 0.00371
Exploits 0, References 1
CNNVD
added 2025/10/22 12:0 a.m., 2 views

Devolutions Server security vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an improper input validation vulnerability that stems from...

CVSS 5.1, AI score 6.4, EPSS 0.00371
Exploits 0, References 2
Positive Technologies
added 2025/10/22 12:0 a.m., 3 views

PT-2025-43381

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.15.0 and earlier. Description: An improper input validation exists in the Security Dashboard's ignored-tasks API. An authenticated user can send a crafted request to cause a denial of service to the Security...

CVSS 5.1, AI score 6.3, EPSS 0.00371
Exploits 0, References 8