Portal 
Forum 
Devolutions Force 
Devolutions Hub Business 
Devolutions Hub Personal 
Devolutions Send 
Devolutions Academy 
RDM 
Workspace 
Launcher 
Sicherheit & Regelkonformität
Wir halten die höchsten Standards ein, um Ihre Daten zu schützen und Vertrauen zu gewährleisten.
DEVO-2025-0011
Devolutions Server is affected by multiple vulnerabilities.
Betroffene Produkte
See vulnerabilities for affected products.
Änderungsprotokoll
4/06/2025 - Initial publication
Medium 6.9 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Improper access control in users MFA feature
Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.
Betroffene Produkte
CVE(s)
CVE-2025-5382
Behebungen und Workarounds
Upgrade to Devolutions Server 2025.1.9.0 or higher
2.3 Low - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Improper access control in Tor network blocking feature
Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.
Betroffene Produkte
CVE(s)
CVE-2025-3768
Behebungen und Workarounds
Upgrade to Devolutions Server 2025.2.2.0 or higher
Medium 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Improper access control in permissions component
Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.
Betroffene Produkte
CVE(s)
CVE-2025-0691
Behebungen und Workarounds
Upgrade to Devolutions Server 2025.2.2.0 or higher
