CVE-2025-4493

Summary

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue.

This issue affects the following versions : 

  • Devolutions Server 2025.1.3.0 through 2025.1.7.0
  • Devolutions Server 2024.3.15.0 and earlier

Affected Software

VendorProductVersion RangeStatus
DevolutionsServer2025.1.3.0 <= 2025.1.7.0affected
DevolutionsServer0 <= 2024.3.15.0affected

Weaknesses

  • CWE-266: CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References