Devolutions Server Security Vulnerabilities and Issues — Devolutions Server CVE List

Lucene search

DevolutionsDevolutions Server

12 matches found

CVE•added 2025/02/11 2:15 p.m.•50 views

CVE-2025-1231

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality.

5.4CVSS5.5AI score0.00045EPSS

CVE•added 2025/03/13 1:15 p.m.•48 views

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.

8.1CVSS8AI score0.00052EPSS

CVE•added 2025/05/05 2:15 p.m.•47 views

CVE-2025-4316

Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up t...

4.3CVSS4.5AI score0.0004EPSS

CVE•added 2025/03/13 1:15 p.m.•44 views

CVE-2025-2278

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID.

6.5CVSS6.2AI score0.00052EPSS

CVE•added 2025/03/05 7:15 p.m.•42 views

CVE-2025-2003

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.

7.1CVSS7AI score0.0007EPSS

CVE•added 2025/05/28 1:15 p.m.•42 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in DevolutionsServer allows a PAM user to perform PAM JITrequests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server 2024...

6.5CVSS6.9AI score0.0004EPSS

CVE•added 2025/05/01 7:15 p.m.•41 views

CVE-2025-3517

Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.

6.3CVSS6.3AI score0.00053EPSS

CVE•added 2025/05/30 1:15 p.m.•41 views

CVE-2025-4433

Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.

8.8CVSS6.9AI score0.00043EPSS

CVE•added 2025/06/05 2:15 p.m.•40 views

CVE-2025-0691

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.

5CVSS6.8AI score0.00029EPSS

CVE•added 2025/06/05 2:15 p.m.•40 views

CVE-2025-3768

Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.

5CVSS6.8AI score0.00046EPSS

CVE•added 2025/06/05 2:15 p.m.•40 views

CVE-2025-5382

Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.

6.8CVSS6.9AI score0.00037EPSS

CVE•added 2025/03/13 1:15 p.m.•38 views

CVE-2025-2277

Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to unadvertently leak his SSH password due to missing password masking.

7.5CVSS6.9AI score0.0009EPSS