DEVO-2025-0013
Summary
Devolutions Server is affected by multiple vulnerabilities.
Affected Products
Devolutions Server 2025.2.5.0 and earlier
Change Log
30/07/2025 - Initial publication
Severity
High
Products
Devolutions Server
Fix Version
2025.2.7.0
Deadlock in PAM automatic check-in feature in Devolutions Server
Description
A deadlock in the scheduling service used by the PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period.
Remediation and Workarounds
Upgrade to Devolutions Server 2025.2.7.0 or higher
Severity
7.3 High - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H
Affected Products
Devolutions Server 2025.2.5.0 and earlier
CVE(s)
CVE-2025-8312
UI Discrepancy when performing JIT group deletion
Description
UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Remediation and Workarounds
Upgrade to Devolutions Server 2025.2.5.0 or higher
Severity
2.1 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products
Devolutions Server 2025.2.4 and earlier
CVE(s)
CVE-2025-8353