Security and compliance
DEVO-2025-0010
Summary
Devolutions Server is affected by an improper access control vulnerability in user group management (CVE-2025-4433).
Affected products
Devolutions Server 2025.1.7.0 and earlier
Changelog
30/05/2025 - Initial publication
Severity
High
Product
Devolutions Server
Fixed version
2025.1.9.0
Improper access control in user group management
Description
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
Remediation and workarounds
Upgrade to Devolutions Server 2025.1.9.0 or higher
Severity
8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Devolutions Server 2025.1.7.0 and earlier
CVE(s)
CVE-2025-4433