Lucene search
+L
DevolutionsDevolutions Server

25 matches found

CVE
CVE
added 2025/02/11 2:5 p.m.70 views

CVE-2025-1231

The CVE-2025-1231 affects Devolutions Server 2024.3.10.0 and earlier, caused by an improper password reset in the PAM module that lets an authenticated user reuse the oracle password after check-in due to a crash in the password reset flow. Exploitation details are not provided in the documents. ...

5.4CVSS5.5AI score0.00337EPSS
CVE
CVE
added 2025/03/13 1:2 p.m.67 views

CVE-2025-2280

In Devolutions Server, CVE-2025-2280 corresponds to improper access control in the Web Extension Restrictions feature, affecting version 2024.3.4.0 and earlier. An authenticated user can bypass the browser extension restriction, per sources describing this vulnerability. The provided documents co...

8.1CVSS8AI score0.0047EPSS
CVE
CVE
added 2025/05/05 2:0 p.m.66 views

CVE-2025-4316

CVE-2025-4316 describes an improper access control in the PAM feature of Devolutions Server that enables a PAM user to self-approve requests, contrary to policy. Affected versions include 2025.1.3.0–2025.1.6.0 and all versions up to 2024.3.15.0. The issue’s root cause is restricted to PAM workflo...

4.3CVSS4.5AI score0.00305EPSS
CVE
CVE
added 2025/03/13 12:56 p.m.61 views

CVE-2025-2278

CVE-2025-2278 affects Devolutions Server versions prior to or equal to 2024.3.13. The issue is improper access control in the temporary access requests and checkout requests endpoints, enabling an authenticated user to view information about these requests via a known request ID. The provided met...

6.5CVSS6.2AI score0.00421EPSS
CVE
CVE
added 2025/03/05 6:56 p.m.60 views

CVE-2025-2003

Summary (CVE-2025-2003) : Affected product Devolutions Server (versions 2024.3.12 and earlier) contains an incorrect authorization flaw in PAM vaults that allows an authenticated user to bypass the ‘add in root’ permission. Public sources consistently describe this as an authorization bypass vuln...

7.1CVSS7AI score0.00409EPSS
CVE
CVE
added 2025/05/01 6:26 p.m.58 views

CVE-2025-3517

CVE-2025-3517 affects Devolutions Server (versions ≤ 2025.1.5.0) and concerns the PAM JIT elevation feature. The root cause is an incorrect privilege assignment caused by failure to update the internal account SID when updating a username, enabling a PAM user to elevate a previously configured us...

6.3CVSS6.3AI score0.00267EPSS
CVE
CVE
added 2025/06/05 1:41 p.m.57 views

CVE-2025-0691

CVE-2025-0691 concerns Devolutions Server versions 2025.1.10.0 and earlier, where improper access control in the permissions component lets an authenticated user bypass the "Edit permission" permission by bypassing client-side validation. The impact is limited to bypassing permission checks to ed...

5CVSS6.8AI score0.00268EPSS
CVE
CVE
added 2025/05/30 12:16 p.m.57 views

CVE-2025-4433

CVE-2025-4433 affects Devolutions Server (versions 2025.1.7.0 and earlier). The vulnerability arises from improper access control in User Group Management, enabling a non-administrative user who has both User Management and User Group Management permissions to escalate privileges by adding users ...

8.8CVSS6.9AI score0.00465EPSS
CVE
CVE
added 2025/06/05 1:37 p.m.57 views

CVE-2025-5382

CVE-2025-5382 concerns Devolutions Server (versions ≤ 2025.1.7.0) where improper access control in the user MFA feature lets a user with the user-management permission remove or change administrators’ MFA settings. The vulnerability affects the MFA configuration component and is triggered by insu...

6.8CVSS6.9AI score0.00337EPSS
CVE
CVE
added 2025/05/28 12:35 p.m.56 views

CVE-2025-4493

The CVE-2025-4493 entry concerns Devolutions Server, where an improper privilege assignment in PAM JIT privilege sets can let a PAM user perform PAM JIT requests on unauthorized groups due to a user interface issue. Impacted versions include 2025.1.3.0–2025.1.7.0 and 2024.3.15.0 and earlier. The ...

6.5CVSS6.9AI score0.00311EPSS
CVE
CVE
added 2025/03/13 12:47 p.m.55 views

CVE-2025-2277

CVE-2025-2277 affects Devolutions Server

7.5CVSS6.9AI score0.00515EPSS
CVE
CVE
added 2025/06/05 1:36 p.m.54 views

CVE-2025-3768

CVE-2025-3768 affects Devolutions Server (versions 2025.1.10.0 and earlier) due to improper access control in the Tor network blocking feature. An authenticated user can bypass the Tor blocking when the Devolutions hosted endpoint is unreachable, with a CVSSv3.1 base score of 5.0 (Medium). No exp...

5CVSS6.8AI score0.00213EPSS
CVE
CVE
added 2025/07/30 4:10 p.m.25 views

CVE-2025-8312

CVE-2025-8312 describes a deadlock in Devolutions Server’s PAM automatic check-in feature that can allow a password to stay valid past its intended check-out. Affected versions include Devolutions Server 2025.2.2.0 through 2025.2.5.0 and 2025.1.12.0 and earlier. The root cause is a scheduling-ser...

7.1CVSS6.4AI score0.00299EPSS
CVE
CVE
added 2025/11/27 3:30 p.m.24 views

CVE-2025-13765

CVE-2025-13765 affects Devolutions Server, where email service credentials are exposed to non-administrative users. Public details in connected documents specify affected versions as before 2025.2.21 and before 2025.3.9. The issue’s root cause is credential exposure in the email service, with mul...

4.3CVSS6.5AI score0.00326EPSS
CVE
CVE
added 2025/07/30 4:6 p.m.23 views

CVE-2025-8353

The CVE-2025-8353 entry concerns a UI synchronization issue in Devolutions Server (JIT) that affects versions prior to and including 2025.2.4.0. A remote authenticated attacker could exploit stale UI state during standard checkout processing to gain unauthorized access to deleted JIT Groups. Affe...

5.9CVSS7.1AI score0.00389EPSS
CVE
CVE
added 2025/11/27 3:30 p.m.22 views

CVE-2025-13757

CVE-2025-13757 affects Devolutions Server. The issue is an SQL injection in the last usage logs, exploitable across affected builds through 2025.2.20 and 2025.3.8. CVSS v3.1 base score 8.8 (NETWORK, LOW complexity, LOW privileges, no user interaction). Impact is high on confidentiality, integrity...

8.8CVSS7.7AI score0.00524EPSS
CVE
CVE
added 2025/11/28 5:0 p.m.21 views

CVE-2025-13683

CVE-2025-13683 describes exposure of credentials via unintended requests in Devolutions Server and Devolutions Remote Desktop Manager on Windows. Affected versions: Devolutions Server up to 2025.3.8.0 and Remote Desktop Manager up to 2025.3.23.0. Impact is high confidentiality exposure over netwo...

6.5CVSS6.7AI score0.00346EPSS
CVE
CVE
added 2025/10/22 5:8 p.m.20 views

CVE-2025-11958

Devolutions Server

5.1CVSS6.1AI score0.00406EPSS
CVE
CVE
added 2025/07/22 5:0 p.m.20 views

CVE-2025-6523

CVE-2025-6523 affects Devolutions Server, where the emergency authentication component allows unauthenticated bypass via brute-forcing short emergency codes. Affected are Devolutions Server 2025.2.2.0–2025.2.3.0 and 2025.1.11.0 and earlier. Root cause is use of weak credentials in the emergency a...

9.5CVSS7.6AI score0.00394EPSS
CVE
CVE
added 2025/07/22 5:0 p.m.19 views

CVE-2025-6741

CVE-2025-6741 describes improper access control in the Devolutions Server secure message component, enabling an authenticated user to steal unauthorized entries via the secure message entry attachment feature. Affected are Devolutions Server 2025.2.2.0–2025.2.4.0 and 2025.1.11.0 and earlier. Root...

7.7CVSS6.9AI score0.0035EPSS
CVE
CVE
added 2025/10/15 7:45 p.m.17 views

CVE-2025-11619

The CVE-2025-11619 entry affects Devolutions Server. Affected component: the server’s gateway connection path where improper certificate validation occurs during gateway connections. Root cause: improper certificate validation enables a man-in-the-middle position to intercept traffic when establi...

8.8CVSS6.4AI score0.00225EPSS
CVE
CVE
added 2025/10/22 5:9 p.m.17 views

CVE-2025-11957

Devolutions Server (versions up to and including 2025.2.12.0) is affected by an improper authorization vulnerability in the temporary access workflow. An authenticated basic user can self-approve or approve others’ temporary access requests, enabling unauthorized access to vaults and entries via ...

9CVSS6.3AI score0.00298EPSS
CVE
CVE
added 2025/11/06 4:37 p.m.17 views

CVE-2025-12485

CVE-2025-12485 affects Devolutions Server, with vulnerable cookie handling in pre-MFA flow. A low-privileged authenticated user can impersonate another account by replaying the pre-MFA cookie; MFA verification is not bypassed. Affected versions include Devolutions Server 2025.3.2.0–2025.3.5.0 and...

8.8CVSS6.3AI score0.0058EPSS
CVE
CVE
added 2025/11/27 3:30 p.m.16 views

CVE-2025-13758

CVE-2025-13758 is tied to Devolutions Server and describes exposure of credentials in unintended requests. The connected Nessus entry (DEVO-2025-0018) confirms this issue alongside related CVEs and states affected versions include Devolutions Server up to 2025.2.20 and up to 2025.3.8, respectivel...

3.5CVSS6.6AI score0.00258EPSS
CVE
CVE
added 2025/11/06 4:36 p.m.13 views

CVE-2025-12808

CVE-2025-12808 affects Devolutions Server. The vulnerability is due to improper access control that allows a View-only user to retrieve sensitive third-level nested fields (e.g., password lists custom values), potentially leading to password disclosure. Affected versions include Devolutions Serve...

6.5CVSS6.5AI score0.00392EPSS