CVE-2025-2280 - AskarLabs CVE Database

CVE-2025-2280

Vendor Devolutions

Product Server

Weakness CWE-284

Published March 13, 2025

Last update March 19, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.

Key dates

02Disclosure timeline

March 13, 2025 CVE published

March 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2280 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2025-2551 D-Link DIR-618/DIR-605L formSetPortTr access control CVE-2023-51661 Filesystem sandbox not enforced in wasmer-cli CVE-2023-1432 SourceCodester Online Food Ordering System POST Request access control CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks CVE-2023-43626