Security & Compliance
DEVO-2025-0013
Summary
Devolutions Server is affected by multiple vulnerabilities
Affected products
Devolutions Server 2025.2.5.0 and earlier
Changelog
30/07/2025 - Initial publication
Severity
High
Product
Devolutions Server
Fixed version
2025.2.7.0
Deadlock in PAM automatic check-in feature in Devolutions Server
Description
A deadlock in the scheduling service behind the PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period.
Remediation and workarounds
Upgrade to Devolutions Server 2025.2.7.0 or higher
Severity
7.3 High - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H
Affected products
Devolutions Server 2025.2.5.0 and earlier
CVE(s)
CVE-2025-8312
UI Discrepancy when performing JIT group deletion
Description
UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Remediation and workarounds
Upgrade to Devolutions Server 2025.2.5.0 or higher
Severity
2.1 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Devolutions Server 2025.2.4 and earlier
CVE(s)
CVE-2025-8353