Security & Compliance

DEVO-2025-0011

Summary

Devolutions Server is affected by multiple vulnerabilities.

Affected products

See vulnerabilities for affected products.

Changelog

4/06/2025 - Initial publication

Severity

Medium

Product

Devolutions Server

Fixed version

See vulnerabilities for fixed versions

Improper access control in users' MFA feature

Description

Improper access control in the users' MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators' MFA.

Fixes and workarounds

Upgrade to Devolutions Server 2025.1.9.0 or higher

Severity

Medium 6.9 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Affected products

Devolutions Server 2025.1.7.0 and earlier

CVE(s)

CVE-2025-5382

Improper access control in Tor network blocking feature

Description

Improper access control in the Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the Tor blocking feature when the Devolutions hosted endpoint is not reachable.

Fixes and workarounds

Upgrade to Devolutions Server 2025.2.2.0 or higher

Severity

Low 2.3 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected products

Devolutions Server 2025.1.10.0 and earlier

CVE(s)

CVE-2025-3768

Improper access control in permissions component

Description

Improper access control in the permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client-side validation.

Fixes and workarounds

Upgrade to Devolutions Server 2025.2.2.0 or higher

Severity

Medium 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Devolutions Server 2025.1.10.0 and earlier

CVE(s)

CVE-2025-0691
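
The three entries above have different affected and fixed versions, so a single installed version can be fixed for one CVE and still affected by the others. The following triage script is an added example, not Devolutions code; it uses only the version bounds stated in this advisory, and the function names and the "unlisted" state (for versions the advisory names as neither affected nor fixed) are assumptions of the example.

```python
"""Added example: triage a Devolutions Server version against DEVO-2025-0011."""

# (CVE, highest version the advisory lists as affected, first fixed version)
ADVISORY = [
    ("CVE-2025-5382", "2025.1.7.0", "2025.1.9.0"),
    ("CVE-2025-3768", "2025.1.10.0", "2025.2.2.0"),
    ("CVE-2025-0691", "2025.1.10.0", "2025.2.2.0"),
]


def parse_version(text):
    """Turn '2025.1.10.0' into (2025, 1, 10, 0) so 1.10 sorts after 1.9."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected four numeric fields, got {text!r}")
    return tuple(int(p) for p in parts)


def triage(installed):
    """Map each CVE to 'affected', 'fixed' or 'unlisted' for one version."""
    version = parse_version(installed)
    result = {}
    for cve, last_affected, first_fixed in ADVISORY:
        if version <= parse_version(last_affected):
            result[cve] = "affected"
        elif version >= parse_version(first_fixed):
            result[cve] = "fixed"
        else:
            # Between the two bounds the advisory states nothing; do not guess.
            result[cve] = "unlisted"
    return result


def upgrade_target():
    """Lowest version the advisory lists as fixed for every CVE."""
    return max((fixed for _, _, fixed in ADVISORY), key=parse_version)


if __name__ == "__main__":
    # Constructed sample inputs, not versions taken from a real deployment.
    for sample in ("2025.1.7.0", "2025.1.8.0", "2025.1.10.0", "2025.2.2.0"):
        print(sample, triage(sample))
    print("upgrade to at least", upgrade_target())
```

Treat an "unlisted" result as not confirmed fixed and upgrade to the stated fixed version.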
