Deadlock Vulnerability in Devolutions Server Scheduling Service
CVE-2025-8312

7.1 HIGH

Key Information:

Status
Vendor
CVE Published: 30 July 2025

What is CVE-2025-8312?

A deadlock in the scheduling service of Devolutions Server affects the PAM automatic check-in feature and allows a password to remain valid beyond its intended check-out period. This can expose sensitive information or enable unauthorized access. Users running Devolutions Server 2025.2.5.0 and earlier should be aware of this issue and apply the necessary updates to mitigate the risk to their password management processes. For detailed guidance, refer to the advisory available at Devolutions.

Affected Version(s)

Server 2025.2.2.0 through 2025.2.5.0

Server 2025.1.13.0 and earlier

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published