Improper Privilege Assignment in Devolutions Server by Devolutions
CVE-2025-4493

6.5MEDIUM

Key Information:

Vendor: Devolutions
Status: Server
Vendor: CVE Published:; 28 May 2025

🔔 Create Devolutions Vulnerability Alert

What is CVE-2025-4493?

An improper privilege assignment vulnerability exists in Devolutions Server, which impacts PAM JIT privilege sets. This flaw allows a PAM user to conduct PAM JIT requests on unauthorized groups by taking advantage of a user interface issue, leading to potential security breaches. Users on affected versions should update their software to mitigate this risk.

Affected Version(s)

Server 2025.1.3.0 <= 2025.1.7.0

Server 0 <= 2024.3.15.0

References

https://devolutions.net/security/advisories/DEVO-2025-0008/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
May 9, 2025