CVE-2025-4433
30.05.2025, 13:15
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.Enginsight
| Vendor | Product | Version |
|---|---|---|
| devolutions | devolutions_server | 𝑥 < 2025.1.9.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration