CVE-2025-2003
published 2025-03-05

CVE-2025-2003: Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.

Priority: P3 / 40 / high / 7.1 / CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:L
EPSS: 0.41% (32.6th percentile)

Affected

11 ranges
Vendor | Product | Version range | Fixed in
devolutions | devolutions_server | < 2024.3.13.0 | 2024.3.13.0
devolutions | server | <= 2024.3.12.0
msrc | cbl2_kernel_5.15.26.1-1_on_cbl_mariner_2.0
msrc | cbl2_qt5-qtsvg_5.12.11-3_on_cbl_mariner_2.0
msrc | cbl2_snakeyaml_1.25-2_on_cbl_mariner_2.0
msrc | cbl_mariner_1.0_arm
msrc | cbl_mariner_1.0_x64
msrc | cbl_mariner_2.0_arm
msrc | cbl_mariner_2.0_x64
msrc | cm1_kernel_5.10.102.1-1_on_cbl_mariner_1.0
msrc | cm1_qt5-qtbase_5.12.11-2_on_cbl_mariner_1.0

CVSS provenance

nvd: v3.1, 7.1 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
vendor_msrc: 7.8 HIGH