CVE Vulnerabilities

CVE-2025-8353

UI Discrepancy for Security Feature

Published: Jul 30, 2025 | Modified: Aug 06, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.

Weakness

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.

Affected Software

Name Vendor Start Version End Version
Devolutions_server Devolutions * 2025.2.5.0 (excluding)

References