CVE-2025-4433
HIGH 8.8
Description
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform privilege escalation by adding users to groups with administrative privileges.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 5/30/2025
Last modified: 11/25/2025
Source: nvd
Honeypot sightings: 0
Affected products
devolutions:devolutions_server
Weaknesses (CWE)
CWE-284
References
https://devolutions.net/security/advisories/DEVO-2025-0010/ (security@devolutions.net)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.