PT-2025-43380 · Devolutions · Devolutions Server

Published: 2025-10-22 · Updated: 2025-10-23 · CVE-2025-11957

CVSS v3.1: 8.4
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.12.0 and earlier

Description: A flaw in the temporary access workflow permits a user with basic authentication to approve their own temporary access requests or those of other users. This can lead to unauthorized access to vaults and entries through specially crafted API requests.

Recommendations: Update Devolutions Server to a version later than 2025.2.12.0.

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2025-11957

Affected Products: Devolutions Server