Devolutions Server Improper Authorization Vulnerability in Temporary Access Workflow

Vulnerability

A vulnerability exists in Devolutions Server versions through 2025.2.12.0, where improper authorization in the temporary access workflow allows authenticated basic users to self-approve or approve access requests for others. By sending crafted API requests, such a user can gain unauthorized access to vaults and entries.
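The class of flaw described above, shown as an added example that is not Devolutions Server code: a generic approval handler that only requires authentication, next to one that enforces the approver checks server-side. All class, function and field names, the vault id and the sample users are assumptions constructed for illustration, as is the policy that self-approval is refused even for approvers.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical model of a temporary access workflow (names are assumptions,
# not Devolutions Server identifiers).
class AuthorizationError(Exception):
    pass

@dataclass
class User:
    name: str
    approver_for: set = field(default_factory=set)  # vaults this user may approve

@dataclass
class AccessRequest:
    requester: str
    vault: str
    status: str = "pending"
    approved_by: Optional[str] = None

def approve_vulnerable(caller: User, req: AccessRequest) -> AccessRequest:
    # Flawed pattern: being authenticated is treated as sufficient, so any
    # basic user can approve any request, including their own.
    req.status, req.approved_by = "approved", caller.name
    return req

def approve_hardened(caller: User, req: AccessRequest) -> AccessRequest:
    # Checks run on the server for every approval call, whatever the client sent.
    if req.status != "pending":
        raise AuthorizationError("request is not pending")
    if caller.name == req.requester:
        raise AuthorizationError("self-approval is not allowed")
    if req.vault not in caller.approver_for:
        raise AuthorizationError("caller is not an approver for this vault")
    req.status, req.approved_by = "approved", caller.name
    return req

def try_approve(handler, caller: User, req: AccessRequest) -> str:
    # Returns the resulting status, or the reason the approval was refused.
    try:
        return handler(caller, req).status
    except AuthorizationError as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    basic = User("basic_user")                  # constructed sample users
    admin = User("vault_admin", {"vault-1"})
    for handler in (approve_vulnerable, approve_hardened):
        print(handler.__name__, try_approve(handler, basic, AccessRequest("basic_user", "vault-1")))
    print("approver:", try_approve(approve_hardened, admin, AccessRequest("basic_user", "vault-1")))
```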

Impact

Exploitation of this vulnerability allows for unauthorized access to vaults and entries, potentially leading to unauthorized disclosure or modification of sensitive information.

Remediation

Users are advised to upgrade to Devolutions Server version 2025.2.14.0 or higher.

Added: Oct 22, 2025, 6:31 PM
Updated: Oct 22, 2025, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.