DEVO-2025-0007
Summary
Devolutions Server is affected by an improper access control vulnerability in its PAM feature.
Affected Products
Devolutions Server 2025.1.6.0 and earlier
Change Log
2025/05/05 - Initial publication
Severity
High
Product
Devolutions Server
Fix Version
2025.1.7.0
Improper access control in PAM feature
Description
Improper access control in the PAM feature in Devolutions Server 2025.1.6.0 and earlier allows a PAM user to self-approve their own PAM requests, even when the configured policy disallows it, via specific user interface actions.
Remediation and Workarounds
Upgrade to Devolutions Server 2025.1.7.0 or higher
Severity
8.3 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
CVE(s)
CVE-2025-4316