Avis de sécurité

Sécurité et conformité

Nous respectons les normes les plus élevées pour protéger vos données et garantir la confiance.

Avis Signaler un problème de sécurité Centre de confiance

Retour à la liste

DEVO-2025-0015

Devolutions Server is affected by multiple vulnerabilities.

Produits affectés

See vulnerabilities for affected products.

Journal des modifications

20/10/2025 - Initial publication

9 Critical - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H

Improper authorization in the “Temporary access” workflow of Devolutions Server

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.

Produits affectés

CVE(s)

CVE-2025-11957

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2025.2.14.0 or higher

5.1 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

An improper input validation in the Security Dashboard

An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request.

Produits affectés

CVE(s)

CVE-2025-11958

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2025.3.2.0 or higher