CVE Vulnerabilities

CVE-2025-4493

Incorrect Privilege Assignment

Published: May 28, 2025 | Modified: May 28, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue.

This issue affects the following versions : 

  • Devolutions Server 2025.1.3.0 through 2025.1.7.0
  • Devolutions Server 2024.3.15.0 and earlier

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References