cbcvebase.
CVE-2025-3517
published 2025-05-01

CVE-2025-3517: Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured…

PriorityP337medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
EPSS
0.27%
18.2th percentile
Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.

Affected

2 ranges
VendorProductVersion rangeFixed in
devolutionsdevolutions_server< 2025.1.6.02025.1.6.0
devolutionsdevolutions_server<= 2025.1.5.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.