CVE-2025-1231
published 2025-02-11

CVE-2025-1231: Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after…

Priority: P4 | 30 | medium | 5.4 | CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.32% (24.1th percentile)
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset functionality.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | devolutions_server | < 2024.3.11.0 | 2024.3.11.0 |
| devolutions | server | <= 2024.3.10.0 | |
| linux | linux_kernel | >= 6.13.0 < 6.17.8 | 6.17.8 |
| linux | linux_kernel | >= 6.2.0 < 6.6.117 | 6.6.117 |
| linux | linux_kernel | >= 6.7.0 < 6.12.58 | 6.12.58 |

CVSS provenance

nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
vendor_redhat | 6.9 | MEDIUM