DEVO-2025-0015
Summary
Devolutions Server is affected by multiple vulnerabilities.
Affected products
See vulnerabilities for affected products.
Changelog
20/10/2025 - Initial publication
Severity
High
Product
Devolutions Server
Fixed version
See vulnerabilities for fixed versions
Improper authorization in the “Temporary access” workflow of Devolutions Server
Description
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.
Fixes and workarounds
Upgrade to Devolutions Server 2025.2.14.0 or higher
Severity
9 Critical - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H
Affected products
Devolutions Server 2025.2.12.0 and earlier
CVE(s)
CVE-2025-11957
Improper input validation in the Security Dashboard
Description
Improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request.
Fixes and workarounds
Upgrade to Devolutions Server 2025.3.2.0 or higher
Severity
5.1 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected products
Devolutions Server 2025.2.15.0 and earlier
CVE(s)
CVE-2025-11958