CVE-2025-11957

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
DEVOLUTIONSCNA
---
---
CISA-ADPADP
8.4 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
devolutionsdevolutions_server
𝑥
< 2025.2.14.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://devolutions.net/security/advisories/DEVO-2025-0015/