What the vulnerability does
01Description
Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.
CVSS base score
—
Key dates
02Disclosure timeline
March 5, 2025
CVE published
March 5, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-32983 Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities
CVE-2025-55205 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
CVE-2021-34647 Ninja Forms <= 3.5.7 Sensitive Information Disclosure
CVE-2023-29295 Insecure Direct Object Reference (IDOR) in Create Quote Function
CVE-2025-8533 Incorrect Authorization of XPC Service in Fantastical.app
