What the vulnerability does

01Description

Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.

Key dates

02Disclosure timeline

May 1, 2025 CVE published
May 2, 2025 Record updated