PT-2025-9849 · Devolutions · Devolutions Server

Publicado

2025-03-05

Atualizado

2025-03-28

CVE-2025-2003

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2024.3.12 and earlier

Description The issue concerns incorrect authorization in PAM vaults, allowing an authenticated user to bypass the 'add in root' permission. This enables the user to perform actions that would normally be restricted.

Recommendations For Devolutions Server versions 2024.3.12 and earlier, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2025-2003

Produtos afetados

Devolutions Server

PT-2025-9849 · Devolutions · Devolutions Server

CVE-2025-2003

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7