Security & Compliance
DEVO-2025-0010
Summary
Devolutions Server is affected by a vulnerability.
Affected products
Devolutions Server 2025.1.7.0 and earlier
Changelog
30/05/2025 - Initial publication
Severity
High
Product
Devolutions Server
Fixed version
2025.1.9.0
Improper access control in user group management
Description
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
Fixes and workarounds
Upgrade to Devolutions Server 2025.1.9.0 or higher.
Severity
8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Devolutions Server 2025.1.7.0 and earlier
CVE(s)
CVE-2025-4433