827 matches found
CVE-2025-0691
CVE-2025-0691 concerns Devolutions Server versions 2025.1.10.0 and earlier, where improper access control in the permissions component lets an authenticated user bypass the "Edit permission" permission by bypassing client-side validation. The impact is limited to bypassing permission checks to ed...
CVE-2025-0691
Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client-side validation...
CVE-2025-5382
Improper access control in users' MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators' MFA...
CVE-2025-5382
CVE-2025-5382 concerns Devolutions Server (versions ≤ 2025.1.7.0) where improper access control in the user MFA feature lets a user with the user-management permission remove or change administrators’ MFA settings. The vulnerability affects the MFA configuration component and is triggered by insu...
CVE-2025-3768
CVE-2025-3768 affects Devolutions Server (versions 2025.1.10.0 and earlier) due to improper access control in the Tor network blocking feature. An authenticated user can bypass the Tor blocking when the Devolutions hosted endpoint is unreachable, with a CVSSv3.1 base score of 5.0 (Medium). No exp...
CVE-2025-3768
Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the Tor blocking feature when the Devolutions hosted endpoint is not reachable...
Devolutions Server Access Control Error Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2025.1.7.0 and prior versions that stems from improper access control of the user MFA...
PT-2025-23929 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.10.0 and earlier
Description: The issue is related to improper access control in the permissions component, allowing an authenticated user to bypass the "Edit permission" permission. This is achieved by...
PT-2025-23930 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.10.0 and earlier
Description: The issue is related to improper access control in the Tor network blocking feature. This allows an authenticated user to bypass the Tor blocking feature when the Devolutions...
PT-2025-23931 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.7.0 and earlier
Description: The issue is related to inadequate access control in the Multi-Factor Authentication (MFA) feature for users in Devolutions Server. This allows a user with user management permissi...
Devolutions Server Access Control Error Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2025.1.10.0 and earlier, which stems from improper access control of the Tor network...
Devolutions Server Access Control Error Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. An Access Control Error vulnerability exists in Devolutions Server version 2025.1.10.0 and prior versions, which stems from improper access control of...
CVE-2025-4433
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges...
CVE-2025-4493
Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions: Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...
CVE-2025-4433
CVE-2025-4433 affects Devolutions Server (versions 2025.1.7.0 and earlier). The vulnerability arises from improper access control in User Group Management, enabling a non-administrative user who has both User Management and User Group Management permissions to escalate privileges by adding users ...