DEVO-2025-0010
Summary
Devolutions Server is affected by an improper access control vulnerability in user group management.
Affected Products
Devolutions Server 2025.1.7.0 and earlier
Change Log
30/05/2025 - Initial publication
Severity
High
Product
Devolutions Server
Fix Version
2025.1.9.0
Improper access control in user group management
Description
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
Remediation and Workarounds
Upgrade to Devolutions Server 2025.1.9.0 or higher
Severity
8.7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
Devolutions Server 2025.1.7.0 and earlier
CVE(s)
CVE-2025-4433
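The following Python check is an added example, not part of the Devolutions advisory or product. It classifies a server version against the affected and fixed versions stated above and lists the non-administrative accounts that hold both permissions named in the description. The record layout (`name`, `is_admin`, `permissions`) and the sample accounts are constructed assumptions, not a Devolutions export format.

```python
from typing import Iterable

LAST_AFFECTED = (2025, 1, 7, 0)  # advisory: "2025.1.7.0 and earlier"
FIXED = (2025, 1, 9, 0)          # advisory: fix version 2025.1.9.0
RISKY_PAIR = {"User Management", "User Group Management"}

# Constructed sample accounts; the field names are hypothetical.
SAMPLE_USERS = [
    {"name": "alice", "is_admin": True,
     "permissions": ["User Management", "User Group Management"]},
    {"name": "helpdesk-lead", "is_admin": False,
     "permissions": ["User Group Management", "User Management"]},
    {"name": "hr-sync", "is_admin": False, "permissions": ["User Management"]},
    {"name": "auditor", "is_admin": False, "permissions": []},
]


def parse_version(text: str) -> tuple:
    """Turn 'a.b.c.d' into a comparable tuple; missing trailing parts count as 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple([int(p) for p in parts] + [0] * (4 - len(parts)))


def version_status(text: str) -> str:
    """Classify a server version against the versions the advisory states."""
    version = parse_version(text)
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIXED:
        return "fixed"
    # Builds between the two are not named by the advisory: treat as unpatched.
    return "unlisted"


def exposed_accounts(users: Iterable[dict]) -> list:
    """Non-administrative accounts holding both permissions from the advisory."""
    return sorted(
        u["name"] for u in users
        if not u.get("is_admin", False)
        and RISKY_PAIR <= set(u.get("permissions", ()))
    )


def triage(version: str, users: Iterable[dict]) -> dict:
    """Patch status plus, when the server is not on a fixed build, accounts to review."""
    status = version_status(version)
    return {"status": status,
            "review": exposed_accounts(users) if status != "fixed" else []}
```

Accounts listed under `review` are the ones whose recent group-membership changes are worth checking first on a server that has not yet been upgraded.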