Avis de sécurité

Sécurité et conformité

Nous respectons les normes les plus élevées pour protéger vos données et garantir la confiance.

Avis Signaler un problème de sécurité Centre de confiance

Retour à la liste

DEVO-2025-0011

Devolutions Server is affected by multiple vulnerabilities.

Produits affectés

See vulnerabilities for affected products.

Journal des modifications

4/06/2025 - Initial publication

Medium 6.9 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Improper access control in users MFA feature

Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.

Produits affectés

CVE(s)

CVE-2025-5382

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2025.1.9.0 or higher

2.3 Low - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Improper access control in Tor network blocking feature

Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.

Produits affectés

CVE(s)

CVE-2025-3768

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2025.2.2.0 or higher

Medium 5.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Improper access control in permissions component

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.

Produits affectés

CVE(s)

CVE-2025-0691

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2025.2.2.0 or higher