CVE-2025-1231

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.10.0 and earlier

Description: The issue is related to improper password reset in the PAM Module, allowing an authenticated user to reuse the oracle user password after check-in due to a crash in the password reset functionality.

Recommendations: For Devolutions Server versions 2024.3.10.0 and earlier, consider temporarily disabling the password reset functionality in the PAM Module until a patch is available. Restrict access to the PAM Module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640CWE-287

Related Identifiers

BDU:2026-04977

CVE-2025-1231

Affected Products

Devolutions Server

CVE-2025-1231

Weakness Enumeration

Related Identifiers

Affected Products

References · 8