Security and compliance
We uphold the highest standards to protect your data and ensure trust.

DEVO-2025-0008
Devolutions Server is affected by a vulnerability.
Affected products
Changelog
28/05/2025 - Initial publication
8.4 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H
Improper privilege assignment in PAM JIT privilege sets
Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue.
If you are not using PAM, you are not affected.
CVE(s)
CVE-2025-4493
Remediation and workarounds
How to know if you are affected?
This vulnerability affects the JIT Privilege Sets of the PAM module. If you are not using PAM, you are not affected.
If JIT Privilege Sets are not enabled on your PAM providers, or if no privilege sets are configured on your providers, you are not affected. This information can be found in your PAM provider configuration under the "JIT privilege elevation" section.
If you are using JIT Privilege Sets, you might be affected, and we recommend following the instructions in the next section.
What actions are necessary if you are affected?
Review the "Assigned provider privileges" of your privilege sets. If all available groups are selected, you are affected by the security issue—unless this configuration was intentional. Review each group and assign only the groups that this set should have access to.
To simplify this review, starting with Devolutions Server Console 2025.1.10, a security notice will appear in the update server instance summary. This notice will inform you if your instance is potentially affected by this issue. It will list the potentially affected providers and privilege sets.

