Devolutions Server 2025.1.4.0

CPE Details

Devolutions Server 2025.1.4.0
devolutions
devolutions_server
2025.1.4.0
2025-04-04
16h34 +00:00
2025-04-04
16h34 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:devolutions:devolutions_server:2025.1.4.0:*:*:*:*:*:*:*

Informations

Vendor

devolutions

Product

devolutions_server

Version

2025.1.4.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-5382 2025-06-05 13h37 +00:00 Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.
6.8
Medium
CVE-2025-3768 2025-06-05 13h36 +00:00 Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.
5
Medium
CVE-2025-4433 2025-05-30 12h16 +00:00 Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
8.8
High
CVE-2025-4493 2025-05-28 12h35 +00:00 Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions :  * Devolutions Server 2025.1.3.0 through 2025.1.7.0 * Devolutions Server 2024.3.15.0 and earlier
6.5
Medium
CVE-2025-4316 2025-05-05 14h00 +00:00 Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up to 2024.3.15.0.
4.3
Medium
CVE-2025-3517 2025-05-01 18h26 +00:00 Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.
6.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.