DEVO-2025-0007
Summary
Devolutions Server is affected by a vulnerability.
Affected Products
Devolutions Server 2025.1.3.0 through 2025.1.6.0
Devolutions Server 2024.3.16 and earlier
Change Log
2025/05/05 - Initial publication
2025/05/14 - Added new fix versions.
Severity
High
Products
Devolutions Server
Fix Version
2025.1.7.0, 2024.3.17.0
Improper access control in PAM feature
Description
Improper access control in the PAM feature in Devolutions Server 2025.1.6.0 and earlier allows a PAM user to self-approve their PAM requests via specific user interface actions, even if self-approval is disallowed by the configured policy.
Remediation and Workarounds
Upgrade to Devolutions Server 2025.1.7.0 or higher
Update to Devolutions Server 2024.3.17.0 or higher
Severity
8.3 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N
Affected Products
Devolutions Server 2025.1.3.0 through 2025.1.6.0
Devolutions Server 2024.3.16 and earlier
CVE(s)
CVE-2025-4316