Authorization Bypass in Devolutions Server by Devolutions
CVE-2025-2003

7.1 HIGH

Key Information:

Status
Vendor
CVE Published: 5 March 2025

What is CVE-2025-2003?

An authorization bypass vulnerability in Devolutions Server affects versions 2024.3.12 and earlier, allowing authenticated users to circumvent the required permissions associated with adding privileges in PAM vaults. This flaw can potentially enable unauthorized actions by users, undermining the security model and leading to privilege escalation.

Affected Version(s)

Server 0 <= 2024.3.12.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
