CVE-2025-8353

Summary

UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.

Affected Software

VendorProductVersion RangeStatus
DevolutionsServer0 <= 2025.2.4.0affected

Weaknesses

  • CWE-446: CWE-446: UI Discrepancy for Security Feature

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References