831 matches found

Tenable Nessus
added 2025/07/31 12:0 a.m. · 3 views

Devolutions Server <= 2025.2.4.0 UI Discrepancy for Security Feature (DEVO-2025-0013) (CVE-2025-8353)

The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.4.0 and is, therefore, affected by a UI discrepancy for security feature vulnerability: - UI synchronization issue in the Just-in-Time JIT access request approval interface in Devolutions Server 2025.2.4.0...

CVSS: 5.9 · AI score: 5.6 · EPSS: 0.00188
Exploits: 0 · References: 2

Tenable Nessus
added 2025/07/31 12:0 a.m. · 4 views

Devolutions Server <= 2025.2.5.0 Deadlock (DEVO-2025-0013) (CVE-2025-8312)

The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.5.0 and is, therefore, affected by a deadlock vulnerability: - Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out...

CVSS: 7.1 · AI score: 5.6 · EPSS: 0.00172
Exploits: 0 · References: 2

NVD
added 2025/07/30 4:15 p.m. · 2 views

CVE-2025-8353

UI synchronization issue in the Just-in-Time JIT access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing...

CVSS: 5.9 · EPSS: 0.00188
Exploits: 0 · References: 1

OSV
added 2025/07/30 4:15 p.m. · 1 view

CVE-2025-8312

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.5.0...

CVSS: 7.1 · AI score: 5.8 · EPSS: 0.00172
Exploits: 0 · References: 1

OSV
added 2025/07/30 4:15 p.m. · 1 view

CVE-2025-8353

UI synchronization issue in the Just-in-Time JIT access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing...

CVSS: 5.9 · AI score: 5.8
Exploits: 0 · References: 1

NVD
added 2025/07/30 4:15 p.m. · 2 views

CVE-2025-8312

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.5.0...

CVSS: 7.1 · EPSS: 0.00172
Exploits: 0 · References: 1

Cvelist
added 2025/07/30 4:10 p.m. · 5 views

CVE-2025-8312

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.5.0...

EPSS: 0.00172
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/30 4:10 p.m. · 3 views

CVE-2025-8312

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.5.0...

AI score: 6.4 · EPSS: 0.00172
Exploits: 0 · References: 1

CVE
added 2025/07/30 4:10 p.m. · 18 views

CVE-2025-8312

CVE-2025-8312 describes a deadlock in Devolutions Server’s PAM automatic check-in feature that can allow a password to stay valid past its intended check-out. Affected versions include Devolutions Server 2025.2.2.0 through 2025.2.5.0 and 2025.1.12.0 and earlier. The root cause is a scheduling-ser...

CVSS: 7.1 · AI score: 6.4 · EPSS: 0.00172
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/07/30 4:6 p.m. · 5 views

CVE-2025-8353

UI synchronization issue in the Just-in-Time JIT access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing...

EPSS: 0.00188
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/30 4:6 p.m. · 4 views

CVE-2025-8353

UI synchronization issue in the Just-in-Time JIT access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing...

AI score: 6.7 · EPSS: 0.00188
Exploits: 0 · References: 1

CVE
added 2025/07/30 4:6 p.m. · 17 views

CVE-2025-8353

The CVE-2025-8353 entry concerns a UI synchronization issue in Devolutions Server (JIT) that affects versions prior to and including 2025.2.4.0. A remote authenticated attacker could exploit stale UI state during standard checkout processing to gain unauthorized access to deleted JIT Groups. Affe...

CVSS: 5.9 · AI score: 7.1 · EPSS: 0.00188
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/07/30 12:0 a.m. · 2 views

Devolutions Server Security Vulnerability

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2025.2.4.0 and earlier, which stems from a UI synchronization issue that could lead to...

CVSS: 5.9 · AI score: 6.5 · EPSS: 0.00188
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/30 12:0 a.m. · 3 views

PT-2025-31414 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.5.0 and earlier Description: A deadlock in the PAM automatic check-in feature allows a password to remain valid beyond its intended check-out period. This is due to a deadlock occurring in the scheduling...

CVSS: 7.1 · AI score: 6.5 · EPSS: 0.00172
Exploits: 0 · References: 4

Positive Technologies
added 2025/07/30 12:0 a.m. · 3 views

PT-2025-31415 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions prior to 2025.2.4.0 Description: A UI synchronization issue exists in the Just-in-Time JIT access request approval interface. This issue allows a remote authenticated attacker to gain unauthorized access to deleted...

CVSS: 5.9 · AI score: 6.4 · EPSS: 0.00188
Exploits: 0 · References: 5

CNNVD
added 2025/07/30 12:0 a.m. · 1 view

Devolutions Server Security Vulnerability

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2025.2.5.0 and prior versions, which stems from a deadlock issue with the PAM autosign-in...

CVSS: 7.1 · AI score: 6.7 · EPSS: 0.00172
Exploits: 0 · References: 3

RedhatCVE
added 2025/07/24 5:21 p.m. · 7 views

CVE-2025-6523

Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions: Devolutions...

CVSS: 7.7 · AI score: 6.8 · EPSS: 0.00182
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/24 5:21 p.m. · 11 views

CVE-2025-6741

Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.4.0, Devolutions Server...

CVSS: 7.7 · AI score: 6.2 · EPSS: 0.00199
Exploits: 0 · References: 1

Tenable Nessus
added 2025/07/24 12:0 a.m. · 2 views

Devolutions Server <= 2025.1.11.0 / 2025.2.2.0 < 2025.2.5.0 Improper Access Control (DEVO-2025-0012) (CVE-2025-6741)

The version of Devolutions Server installed on the remote host is prior to 2025.1.11.0 or 2025.2.2.0 prior to 2025.2.5.0 and is, therefore, affected by an improper access control vulnerability: - Improper access control in secure message component in Devolutions Server allows an authenticated use...

CVSS: 7.7 · AI score: 5.6 · EPSS: 0.00199
Exploits: 0 · References: 2

Tenable Nessus
added 2025/07/24 12:0 a.m. · 2 views

Devolutions Server <= 2025.1.11.0 / 2025.2.2.0 < 2025.2.4.0 Weak Credentials (DEVO-2025-0012) (CVE-2025-6523)

The version of Devolutions Server installed on the remote host is prior to 2025.1.11.0 or 2025.2.2.0 prior to 2025.2.4.0 and is, therefore, affected by a weak credentials vulnerability: - Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated...

CVSS: 9.5 · AI score: 5.7 · EPSS: 0.00182
Exploits: 0 · References: 2