CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission...

CVE-2025-2003

Summary (CVE-2025-2003) : Affected product Devolutions Server (versions 2024.3.12 and earlier) contains an incorrect authorization flaw in PAM vaults that allows an authenticated user to bypass the ‘add in root’ permission. Public sources consistently describe this as an authorization bypass vuln...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.12 and prior versions that stems from improper authorization and allows bypassing the...

Devolutions Remote Desktop < 2024.3.20.0 Improper Certificate Validation (DEVO-2025-0001)

The version of Devolutions Remote Desktop Manager installed on the remote host is prior to 2024.3.20.0 and is, therefore, affected by an improper certificate validation vulnerability: - Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on...

Devolutions Server < 2024.3.11.0 Improper Password Reset (DEVO-2025-0002)

The version of Devolutions Server installed on the remote host is prior to 2024.3.11.0 and is, therefore, affected by an improper password reset vulnerability: - Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle us...

CVE-2025-1231

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality...

CVE-2025-1193

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host...

CVE-2025-1231

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality...

CVE-2025-1231

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality...

CVE-2025-1231

The CVE-2025-1231 affects Devolutions Server 2024.3.10.0 and earlier, caused by an improper password reset in the PAM module that lets an authenticated user reuse the oracle password after check-in due to a crash in the password reset flow. Exploitation details are not provided in the documents. ...

CVE-2025-1231

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality...

CVE-2025-1231

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality...

PT-2025-6217 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.10.0 and earlier Description: The issue is related to improper password reset in the PAM Module, allowing an authenticated user to reuse the oracle user password after check-in due to a crash in the password...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.10.0 and earlier, which stems from an improper password reset in the PAM module that...

CVE-2025-1193

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host...

CVE-2024-11621

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager...

CVE-2024-11621

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager...