CVE-2025-1231

CVE-2025-1231

Vendor Devolutions
Product Server
Weakness CWE-287 · Improper authentication
Published February 11, 2025
Last update February 11, 2025

CVSS base score

What the vulnerability does

01Description

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality.

Key dates

02Disclosure timeline

February 11, 2025 CVE published
February 11, 2025 Record updated