CVE-2025-5382 | THREATINT

Description

Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.

PUBLISHED Reserved 2025-05-30 | Published 2025-06-05 | Updated 2025-06-05 | Assigner DEVOLUTIONS

Problem types

CWE-284: Improper Access Control

Product status

Default status

unaffected

Any version

affected

References

devolutions.net/security/advisories/DEVO-2025-0011/

cve.org (CVE-2025-5382)

nvd.nist.gov (CVE-2025-5382)

Download JSON