DEVO-2025-0006

Summary

Devolutions Server is affected by a security vulnerability.

Affected Products

Devolutions Server 2025.1.5.0 and earlier

Change Log

2025-05-01 - Initial publication

Severity

Medium

Product

Devolutions Server

Fix Version

2025.1.6.0

Incorrect privilege assignment in PAM JIT elevation feature

Description

Incorrect privilege assignment in the PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a user that was previously configured in a PAM JIT account, because the internal account’s SID is not updated when the username is updated.
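
The bug class described above, as an added illustration that is not Devolutions Server code: a constructed Python model in which an account record stores both a username and a SID, with a flawed and a corrected username update and an audit check that reports mismatches. The `JitAccount` record, the `DIRECTORY` lookup, the function names and the SID values are all assumptions made for this example.

```python
# Constructed model of a stale-SID bug; not Devolutions Server code.
from dataclasses import dataclass

# Constructed directory: username -> SID (sample values, not real accounts).
DIRECTORY = {
    "alice": "S-1-5-21-1000-1000-1000-1101",
    "bob": "S-1-5-21-1000-1000-1000-1102",
}


@dataclass
class JitAccount:
    username: str  # name an administrator sees and edits
    sid: str       # identifier the elevation step actually acts on


def new_account(username):
    """Create a record with the SID resolved from the directory."""
    return JitAccount(username, DIRECTORY[username])


def update_username_stale(acct, new_username):
    """Flawed update: the name changes, the stored SID does not."""
    acct.username = new_username


def update_username_resolved(acct, new_username):
    """Corrected update: name and SID change together, or not at all."""
    sid = DIRECTORY.get(new_username)
    if sid is None:
        raise LookupError(f"cannot resolve {new_username!r} to a SID")
    acct.username, acct.sid = new_username, sid


def elevated_user(acct):
    """Return the directory user whose SID would receive the elevation."""
    return next(name for name, sid in DIRECTORY.items() if sid == acct.sid)


def audit(accounts):
    """List usernames whose stored SID no longer matches the directory."""
    return [a.username for a in accounts if DIRECTORY.get(a.username) != a.sid]
```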

Remediation and Workarounds

Upgrade to Devolutions Server 2025.1.6.0 or higher.

Severity

6.9 Medium - CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N

Affected Products

Devolutions Server 2025.1.5.0 and earlier

CVE(s)

CVE-2025-3517