Devolutions Server Deadlock Vulnerability in PAM Check-In Feature Allowing Password Validity Extension

Vulnerability

A deadlock vulnerability has been identified in the Privileged Access Management (PAM) automatic check-in feature of Devolutions Server. This deadlock occurs in the scheduling service, allowing passwords to remain valid beyond their intended check-out period. The issue affects Devolutions Server versions through 2025.2.5.0.

Impact

Exploitation of this vulnerability can lead to passwords being improperly retained beyond their designated check-out time, potentially allowing unauthorized access.

Remediation

Users are advised to upgrade to Devolutions Server version 2025.2.7.0 or higher.

Added: Jul 30, 2025, 4:22 PM
Updated: Jul 30, 2025, 5:33 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.