Security & Compliance

DEVO-2025-0003

Summary

Devolutions Server is affected by a vulnerability.

Affected Products

Devolutions Server 2024.3.12 and earlier

Change Log

5/3/2025 - Initial publication

Severity

Medium

Products

Devolutions Server

Fix Version

2024.3.13

Incorrect authorization in PAM vaults

Description

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.

Severity

Medium 6.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Products

Devolutions Server 2024.3.12 and earlier

CVE(s)

CVE-2025-2003

Helping organizations control the IT chaos by providing highly-secure password, remote connection and privileged access management solutions.

DEVOLUTIONS

Legal & privacy | infos@devolutions.net

All rights reserved © 2025 Devolutions