PT-2025-18693 · Devolutions · Devolutions Server

Published: 2025-05-01 · Updated: 2025-05-02 · CVE-2025-3517
CVSS v3.1: 6.3 (Medium) · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.5.0 and earlier
Description: The issue is a privilege context switching error in the PAM JIT feature of Devolutions Server. Specific actions, such as editing the username, allow a PAM JIT account password to be improperly reset after usage. Because the internal account's SID is not updated when the username changes, a PAM user can also elevate a user that was previously configured in the PAM JIT account.
Recommendations: For Devolutions Server versions 2025.1.5.0 and earlier, consider disabling the PAM JIT elevation feature until a patch is available, to prevent improper privilege assignment. As a temporary workaround, restrict actions that edit usernames in PAM JIT accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
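The following is an added illustration, not Devolutions' code: it models the stale-SID binding the description refers to (a rename that leaves the recorded SID untouched), beside a rename that re-resolves the identity and a check that reports accounts whose SID no longer matches their username. The directory, SIDs and account structure are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed directory of username -> SID standing in for the identity
# provider; these names and SIDs are invented for the example.
DIRECTORY: Dict[str, str] = {
    "svc_backup": "S-1-5-21-1-1-1001",
    "domain_admin": "S-1-5-21-1-1-500",
}

@dataclass
class JitAccount:
    username: str
    sid: str          # principal the elevation is actually applied to
    elevated: bool = False

def create_jit_account(username: str) -> JitAccount:
    return JitAccount(username=username, sid=DIRECTORY[username])

def rename_vulnerable(acct: JitAccount, new_username: str) -> None:
    # Weakness pattern: the display name changes, the recorded SID does not,
    # so a later elevation still lands on the previously configured principal.
    acct.username = new_username

def rename_hardened(acct: JitAccount, new_username: str) -> None:
    # Treat a rename as a new identity binding: re-resolve the SID from the
    # directory, refuse unknown names, and drop any elevation already granted.
    if new_username not in DIRECTORY:
        raise ValueError(f"unknown principal: {new_username}")
    acct.username = new_username
    acct.sid = DIRECTORY[new_username]
    acct.elevated = False

def elevate(acct: JitAccount) -> str:
    # Elevation is granted to the recorded SID, not to the username string.
    acct.elevated = True
    return acct.sid

def find_stale_bindings(accounts: List[JitAccount]) -> List[str]:
    # Detection: report accounts whose recorded SID no longer matches what the
    # directory returns for their current username.
    return [a.username for a in accounts if DIRECTORY.get(a.username) != a.sid]
```

Running the stale-binding check over all PAM JIT accounts after any username edit surfaces the mismatch before an elevation is requested.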

LPE
Weakness Enumeration: Incorrect Privilege Assignment
Related Identifiers: CVE-2025-3517
Affected Products: Devolutions Server