Security and compliance
DEVO-2025-0015
Summary
Devolutions Server is affected by multiple vulnerabilities.
Affected products
See vulnerabilities for affected products.
Changelog
20/10/2025 - Initial publication
Severity
High
Product
Devolutions Server
Fixed version
See vulnerabilities for fixed versions
Improper authorization in the “Temporary access” workflow of Devolutions Server
Description
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.
Remediation and workarounds
Upgrade to Devolutions Server 2025.2.14.0 or higher
Severity
9 Critical - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H
Affected products
Devolutions Server 2025.2.12.0 and earlier
CVE(s)
CVE-2025-11957
Improper input validation in the Security Dashboard
Description
Improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request.
Remediation and workarounds
Upgrade to Devolutions Server 2025.3.2.0 or higher
Severity
5.1 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected products
Devolutions Server 2025.2.15.0 and earlier
CVE(s)
CVE-2025-11958