advisories

Sicherheit & Regelkonformität

Wir halten die höchsten Standards ein, um Ihre Daten zu schützen und Vertrauen zu gewährleisten.

Warnungen Ein sicherheitsproblem melden warnungen Trust Center

Back to listing

DEVO-2025-0016

Devolutions Server is affected by multiple vulnerabilities.

Betroffene Produkte

Devolutions Server

2025.3.5 and earlier

Änderungsprotokoll

6/11/2025 - Initial publication

9.4 Critical - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Improper privilege management during pre-MFA cookie handling

Improper privilege management during pre-MFA cookie handling in Devolutions Server 2025.3.5.0 and earlier allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.

This does not bypass the target account MFA verification step.

Betroffene Produkte

CVE(s)

CVE-2025-12485

Behebungen und Workarounds

Upgrade to Devolutions Server 2025.3.6.0 or higher

7.1 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Improper access control in in Devolutions Server in sensitive third-level fields

Improper access control in Devolutions Server 2025.3.5.0 and earlier allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure.

Betroffene Produkte

CVE(s)

CVE-2025-12808

Behebungen und Workarounds

Upgrade to Devolutions Server 2025.3.6.0 or higher