CVE-2025-3517 | THREATINT

Description

Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.

PUBLISHED Reserved 2025-04-11 | Published 2025-05-01 | Updated 2025-05-02 | Assigner DEVOLUTIONS

Problem types

CWE-266: Incorrect Privilege Assignment

Product status

Default status

unaffected

Any version

affected

References

devolutions.net/security/advisories/DEVO-2025-0006/

cve.org (CVE-2025-3517)

nvd.nist.gov (CVE-2025-3517)

Download JSON