CVE-2025-3517

Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.

CVSS

No CVSS.

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2025-0006/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

History

17 Jun 2025, 14:18

Type	Values Removed	Values Added
References	~~() https://devolutions.net/security/advisories/DEVO-2025-0006/ -~~	() https://devolutions.net/security/advisories/DEVO-2025-0006/ - Vendor Advisory
CPE		cpe:2.3:a:devolutions:devolutions_server::::::::
First Time		Devolutions Devolutions devolutions Server

02 May 2025, 13:15

Type	Values Removed	Values Added
Summary	Privilege context switching error in PAM JIT feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM JIT account password to be improperly reset after usage via specific actions such as editing the username.	Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.

01 May 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 19:15

Updated : 2025-06-17 14:18

NVD link : CVE-2025-3517

Mitre link : CVE-2025-3517

JSON object : View

Products Affected

devolutions

devolutions_server

CWE

No CWE.

JSON object

Attach tags to CVE-2025-3517

Attach tags to `CVE-2025-3517`