CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3517: Privilege context switching error in PAM JIT feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM JIT account password to be...

6.3 CVSS

Description

Privilege context switching error in PAM JIT feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM JIT account password to be improperly reset after usage via specific actions such as editing the username.

Classification

CVE ID: CVE-2025-3517

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem Types

CWE-270: Privilege Context Switching Error

Affected Products

Vendor: Devolutions

Product: Devolutions Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.51% (scored less or equal to compared to others)

EPSS Date: 2025-05-30 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3517
https://devolutions.net/security/advisories/DEVO-2025-0006/

Timeline

2025-05-01 19:40:22 UTC
CVE

Privilege context switching error in PAM JIT feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM JIT account password to be...