DEVO-2025-0006
Summary
Devolutions Server is affected by a security vulnerability.
Affected Products
Devolutions Server 2025.1.5.0 and earlier
Change Log
2025-05-01 - Initial publication
Severity
Medium
Product
Devolutions Server
Fix Version
2025.1.6.0
Incorrect privilege assignment in PAM JIT elevation feature
Description
Incorrect privilege assignment in the PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a user that was previously configured in a PAM JIT account, because the internal account’s SID is not updated when the username is updated.
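The stale-identifier pattern described above, as a simplified model added here (not Devolutions code): the record layout, the `DIRECTORY` lookup, the function names and all SIDs are constructed assumptions. It contrasts a username update that leaves the stored SID behind with one that re-resolves it, and adds an audit for records whose SID no longer matches the configured username.

```python
from dataclasses import dataclass

# Constructed directory (username -> SID); stands in for a real account lookup.
DIRECTORY = {
    "alice": "S-1-5-21-1000-1000-1000-1101",
    "bob": "S-1-5-21-1000-1000-1000-1102",
}


@dataclass
class JitAccount:
    """Hypothetical JIT record: the configured name plus the SID acted on."""
    username: str
    sid: str


def rename_stale(account, new_username):
    """Pattern from the advisory: the username changes, the stored SID does not."""
    account.username = new_username


def rename_resolved(account, new_username):
    """Corrected pattern: re-resolve the SID and store both values together."""
    sid = DIRECTORY[new_username]  # KeyError for an unknown name: update refused
    account.username, account.sid = new_username, sid


def elevation_target(account):
    """In this model elevation acts on the stored SID, not on the shown name."""
    return next(u for u, s in DIRECTORY.items() if s == account.sid)


def find_sid_drift(accounts):
    """Audit: records whose stored SID is not the SID of the configured username."""
    return [a for a in accounts if DIRECTORY.get(a.username) != a.sid]


def demo():
    stale = JitAccount("alice", DIRECTORY["alice"])
    fixed = JitAccount("alice", DIRECTORY["alice"])
    rename_stale(stale, "bob")
    rename_resolved(fixed, "bob")
    return elevation_target(stale), elevation_target(fixed), find_sid_drift([stale, fixed])


if __name__ == "__main__":
    print(demo())
```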
Remediation and Workarounds
Upgrade to Devolutions Server 2025.1.6.0 or higher
Severity
6.9 Medium - CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
Affected Products
Devolutions Server 2025.1.5.0 and earlier
CVE(s)
CVE-2025-3517