CVE-2025-4493 | THREATINT

Description

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : * Devolutions Server 2025.1.3.0 through 2025.1.7.0 * Devolutions Server 2024.3.15.0 and earlier

PUBLISHED Reserved 2025-05-09 | Published 2025-05-28 | Updated 2025-05-28 | Assigner DEVOLUTIONS

Problem types

CWE-266: Incorrect Privilege Assignment

Product status

Default status

unaffected

2025.1.3.0 (custom)

affected

Any version

affected

References

devolutions.net/security/advisories/DEVO-2025-0008/

cve.org (CVE-2025-4493)

nvd.nist.gov (CVE-2025-4493)

Download JSON