Primary

Context

Devolutions Server Improper Access Control Vulnerability in Privileged Access Management Feature

Vulnerability

Patched

A vulnerability exists in the Privileged Access Management (PAM) feature of Devolutions Server, specifically in versions 2025.1.3.0 through 2025.1.6.0 and all versions up to 2024.3.15.0. This vulnerability allows PAM users to self-approve their PAM requests, bypassing established policies, through certain actions in the user interface.

Impact

Exploitation of this vulnerability could lead to unauthorized self-approval of PAM requests, allowing users to circumvent established access control policies.

Remediation

Users can upgrade to Devolutions Server version 2025.1.7.0 or 2024.3.17.0 or higher to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions Server Improper Access Control Vulnerability in Privileged Access Management Feature

Vulnerability

Impact

Remediation

Affected Products

Devolutions Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating