advisories

Sicherheit & Regelkonformität

Wir halten die höchsten Standards ein, um Ihre Daten zu schützen und Vertrauen zu gewährleisten.

Warnungen Ein sicherheitsproblem melden warnungen Trust Center

Back to listing

DEVO-2025-0013

Devolutions Server is affected by multiples vulnerabilites

Betroffene Produkte

Devolutions Server

2025.2.2.0 through 2025.2.5.0

Devolutions Server

2025.1.12.0 and earlier

Änderungsprotokoll

30/07/2025 - Initial publication

7.3 High - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H

Deadlock in PAM automatic check-in feature in Devolutions Server

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.

Betroffene Produkte

CVE(s)

CVE-2025-8312

Behebungen und Workarounds

Upgrade to Devolutions Server 2025.2.7.0 or higher

Upgrade to Devolutions Server 2025.1.13.0 or higher

2.1 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

UI Discrepancy when performing JIT group deletion

UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.

Betroffene Produkte

CVE(s)

CVE-2025-8353

Behebungen und Workarounds

Upgrade to Devolutions Server 2025.2.5.0 or higher