CVE-2025-4493

Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2024.3.15.0 and earlier Devolutions Server versions 2025.1.3.0 through 2025.1.7.0

Description The issue is related to improper privilege assignment in PAM JIT privilege sets, allowing a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue.

Recommendations For Devolutions Server versions 2024.3.15.0 and earlier, update to a version later than 2024.3.15.0 to resolve the issue. For Devolutions Server versions 2025.1.3.0 through 2025.1.7.0, update to a version later than 2025.1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to PAM JIT requests to minimize the risk of exploitation.