Devolutions Server Improper Access Control Vulnerability in Web Extension Restriction Feature

Vulnerability

A vulnerability exists in the web extension restriction feature of Devolutions Server versions through 2024.3.4.0. This improper access control flaw allows an authenticated user to bypass restrictions on browser extensions.

Impact

Exploitation of this vulnerability allows for the bypass of browser extension restrictions, potentially leading to unauthorized access or actions via the web extension.

Remediation

Users are advised to upgrade to Devolutions Server version 2024.3.6 or higher.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 0.6
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.