Improper Access Control in User Group Management in Devolutions Server
CVE-2025-4433

8.8HIGH

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 30 May 2025

🔔 Create Devolutions Vulnerability Alert

What is CVE-2025-4433?

Improper access control in the user group management feature of Devolutions Server versions up to 2025.1.7.0 allows non-administrative users with designated permissions to escalate their privileges. By leveraging 'User Management' and 'User Group Management' permissions, these users can add themselves or others to groups that possess administrative privileges, undermining the system's intended security measures.

Affected Version(s)

Server 0 <= 2025.1.7.0

References

https://devolutions.net/security/advisories/DEVO-2025-0010/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025
Vulnerability Reserved
May 8, 2025