What the vulnerability does

01Description

Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.

Key dates

02Disclosure timeline

June 5, 2025 CVE published
June 5, 2025 Record updated