PT-2025-19709 · Devolutions · Devolutions Server

Published: 2025-05-05 · Updated: 2025-05-05 · CVE-2025-4316

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Devolutions Server versions 2025.1.6.0 and earlier

Description

The issue is related to improper access control in the PAM feature, allowing a PAM user to self-approve their PAM requests even if disallowed by the configured policy. This can be achieved via specific user interface actions.

Recommendations

For Devolutions Server versions 2025.1.6.0 and earlier, consider restricting access to the PAM feature until a patch is available, or apply specific configuration changes to the user interface to prevent self-approval of PAM requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-15267
CVE-2025-4316

Affected Products

Devolutions Server