CVE-2025-2278

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID...

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

CVE-2025-2277

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking...

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

CVE-2025-2280

In Devolutions Server, CVE-2025-2280 corresponds to improper access control in the Web Extension Restrictions feature, affecting version 2024.3.4.0 and earlier. An authenticated user can bypass the browser extension restriction, per sources describing this vulnerability. The provided documents co...

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

CVE-2025-2278

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID...

CVE-2025-2278

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID...

CVE-2025-2278

CVE-2025-2278 affects Devolutions Server versions prior to or equal to 2024.3.13. The issue is improper access control in the temporary access requests and checkout requests endpoints, enabling an authenticated user to view information about these requests via a known request ID. The provided met...

CVE-2025-2277

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking...

CVE-2025-2277

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking...

CVE-2025-2277

CVE-2025-2277 affects Devolutions Server

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and prior versions, which stems from improper access control in the Temporary...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and earlier, which stems from a missing password mask in the web-based SSH...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and prior versions that stems from improper access control of the Web Extension...

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...

CVE-2025-2003

Summary (CVE-2025-2003) : Affected product Devolutions Server (versions 2024.3.12 and earlier) contains an incorrect authorization flaw in PAM vaults that allows an authenticated user to bypass the ‘add in root’ permission. Public sources consistently describe this as an authorization bypass vuln...

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...