
CVE-2025-3517: CWE-266: Incorrect Privilege Assignment in Devolutions Devolutions Server

Medium
Tags: Vulnerability, CVE-2025-3517, CWE-266
Published: Thu May 01 2025 (05/01/2025, 18:26:22 UTC)
Source: CVE
Vendor/Project: Devolutions
Product: Devolutions Server

Description

Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username.

AI-Powered Analysis

Last updated: 06/25/2025, 23:59:11 UTC

Technical Analysis

CVE-2025-3517 affects the Privileged Access Management (PAM) Just-In-Time (JIT) elevation feature of Devolutions Server 2025.1.5.0 and earlier. A PAM JIT account stores the directory account that is to be temporarily elevated, and the server keys that account internally by its Security Identifier (SID). When an administrator edits the username on such an account, the server updates the displayed name but leaves the stored SID unchanged. Because Windows group membership and access checks are keyed by SID rather than by name, a JIT elevation performed afterwards is applied to the SID of the account originally configured, not to the account the administrator now sees in the interface. The weakness is classified as CWE-266 (Incorrect Privilege Assignment): the server grants a privilege to an identity other than the one it was configured for. A PAM user who can request elevation through such an account therefore elevates the previously configured user rather than the intended one. The CVSS v3.1 base score is 6.3 (Medium): network attack vector (AV:N), low privileges required (PR:L), no user interaction (UI:N) and unchanged scope (S:U), so the vulnerable component alone is affected; with those metrics a 6.3 score corresponds to low attack complexity and a Low impact on each of confidentiality, integrity and availability (C:L/I:L/A:L). No exploitation in the wild has been reported and no patch reference is attached to this record. The root cause is a logic error in the JIT account update path, which fails to re-resolve the SID when the username changes, leaving the privilege bound to a stale identity.
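As an added illustration (not Devolutions code; the account names, SIDs and the in-memory directory are constructed stand-ins), the following Python models the update path described above: a JIT account that binds a display username to the SID that is actually elevated, a vulnerable rename that changes only the label, and the corrected rename that re-resolves the SID and fails closed when the new name does not exist.

```python
# Added example, not Devolutions code: models the stale-SID defect behind
# CVE-2025-3517. All names and SIDs below are constructed for illustration.

from dataclasses import dataclass

# Constructed stand-in for the directory (username -> SID). In a real
# deployment this would be an AD/LDAP lookup.
DIRECTORY = {
    "alice": "S-1-5-21-1000000000-2000000000-3000000000-1105",
    "bob":   "S-1-5-21-1000000000-2000000000-3000000000-1106",
}


def resolve_sid(username: str) -> str:
    """Resolve a username to its SID; raise if the account does not exist."""
    try:
        return DIRECTORY[username]
    except KeyError:
        raise LookupError(f"unknown account: {username}") from None


@dataclass
class JitAccount:
    """A PAM JIT account: the label the admin sees and the SID that gets elevated."""
    username: str
    sid: str


def create_jit_account(username: str) -> JitAccount:
    """On creation the SID is resolved once and stored alongside the name."""
    return JitAccount(username=username, sid=resolve_sid(username))


def rename_vulnerable(account: JitAccount, new_username: str) -> JitAccount:
    """Models the defect: the displayed username changes, the stored SID does not."""
    account.username = new_username
    return account


def rename_fixed(account: JitAccount, new_username: str) -> JitAccount:
    """Identity-preserving update: re-resolve the SID before touching the record."""
    new_sid = resolve_sid(new_username)  # raises if the new name is bogus
    account.username = new_username
    account.sid = new_sid
    return account


def elevate(account: JitAccount) -> str:
    """Return the SID a JIT elevation would add to the privileged group.
    Group membership is keyed by SID, so this is the identity that really
    gains the privilege, whatever the username field says."""
    return account.sid


def who_is_elevated(account: JitAccount) -> str:
    """Reverse-resolve the elevated SID to a username, for display."""
    for name, sid in DIRECTORY.items():
        if sid == elevate(account):
            return name
    return "<unresolved>"


def demo() -> tuple[str, str]:
    """Return (who the vulnerable path elevates, who the fixed path elevates)
    after an admin renames a JIT account from alice to bob."""
    vuln = rename_vulnerable(create_jit_account("alice"), "bob")
    fixed = rename_fixed(create_jit_account("alice"), "bob")
    return who_is_elevated(vuln), who_is_elevated(fixed)


if __name__ == "__main__":
    v, f = demo()
    print(f"vulnerable rename elevates: {v} (label now reads bob)")
    print(f"fixed rename elevates:      {f}")
```

Run as a script, the vulnerable path reports that alice is still the account elevated although the record is labelled bob; the fixed path elevates bob. The design point is that the SID, not the name, is the security principal, so any update to the name field must re-derive the SID or be rejected.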

Potential Impact

For European organizations that rely on Devolutions Server for privileged access management and credential vaulting, the concrete impact is that a PAM JIT account can grant elevated rights to an account other than the one its configuration displays. An attacker holding a low-privileged PAM user role can use this to have a previously configured identity elevated, gaining unauthorized access to systems and credentials managed by the server, which in turn enables lateral movement, exposure of confidential data and disruption of services that depend on the managed accounts. Because Devolutions Server typically sits at the centre of IT infrastructure management, such a compromise affects operational integrity and availability. The Medium rating reflects that an unauthenticated attacker cannot exploit the flaw; it requires a PAM user with network access to the server. No user interaction is needed, so exploitation can be scripted through the normal JIT request workflow once that foothold exists. Organizations in finance, government, healthcare and critical infrastructure, which commonly deploy privileged access management solutions, face the greatest exposure to targeted attacks leveraging this vulnerability.

Mitigation Recommendations

Since the affected range is Devolutions Server 2025.1.5.0 and earlier, upgrade to a release the vendor identifies as fixed as soon as one is available. Until then, review every PAM JIT account and verify that the stored SID matches the SID the directory returns for the configured username; any mismatch means the elevation target is not the account shown, and the account should be deleted and recreated rather than edited in place. Pay particular attention to accounts whose username was edited after creation, and adopt recreate-instead-of-rename as the operating rule while the vulnerable version is in use. Restrict network exposure of Devolutions Server instances through segmentation and access controls, enforce multi-factor authentication for all PAM users, and apply least privilege to the PAM user role so that as few accounts as possible can request JIT elevation. Monitor server logs for JIT elevations and for edits to PAM JIT account usernames, and alert when the elevated principal does not correspond to the account named in the request. If operationally feasible, disable the PAM JIT elevation feature temporarily or restrict it to highly trusted administrators. Engage Devolutions support or vendor channels for updates addressing this vulnerability and plan for prompt deployment once a fixed release is published.
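A concrete form of the SID audit recommended above, added here as example code rather than a Devolutions tool: it reads a constructed CSV export of PAM JIT accounts (the export format, column names and directory snapshot are assumptions for illustration) and reports every record whose stored SID does not belong to the username it displays, naming the account that would actually be elevated. In a real environment the directory dictionary would be replaced by an AD or LDAP lookup of each username and SID.

```python
# Added example, not Devolutions tooling: audit a constructed export of PAM JIT
# account records for stale SID bindings. Export layout, field names, SIDs and
# the directory snapshot are all assumptions made for this illustration.

import csv
import io

# Constructed directory snapshot (username -> SID), standing in for an AD query.
DIRECTORY = {
    "alice":   "S-1-5-21-1000000000-2000000000-3000000000-1105",
    "bob":     "S-1-5-21-1000000000-2000000000-3000000000-1106",
    "svc-sql": "S-1-5-21-1000000000-2000000000-3000000000-1201",
}

# Constructed export of three JIT accounts. The second record shows the
# CVE-2025-3517 pattern: the label was changed to "bob" but the SID is alice's.
# The third record points at a username that no longer exists in the directory.
EXPORT = """\
jit_account,username,stored_sid
db-admins,svc-sql,S-1-5-21-1000000000-2000000000-3000000000-1201
helpdesk-tier2,bob,S-1-5-21-1000000000-2000000000-3000000000-1105
backup-ops,carol,S-1-5-21-1000000000-2000000000-3000000000-1300
"""


def audit_jit_export(export_text: str, directory: dict[str, str]) -> list[dict]:
    """Return one finding per record whose stored SID does not match the SID the
    directory currently returns for its username. Each finding carries the
    original row, an issue tag, and the owner of the stored SID (who would
    really be elevated) when that SID is known."""
    sid_to_name = {sid: name for name, sid in directory.items()}
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name, stored = row["username"], row["stored_sid"]
        expected = directory.get(name)
        if expected is None:
            findings.append({**row, "issue": "username-not-in-directory",
                             "sid_owner": sid_to_name.get(stored, "<unknown>")})
        elif expected != stored:
            findings.append({**row, "issue": "stale-sid",
                             "sid_owner": sid_to_name.get(stored, "<unknown>")})
    return findings


def main() -> None:
    for f in audit_jit_export(EXPORT, DIRECTORY):
        print(f"{f['jit_account']}: label={f['username']} but stored SID "
              f"belongs to {f['sid_owner']} ({f['issue']})")


if __name__ == "__main__":
    main()
```

Run against the constructed export, the script flags helpdesk-tier2 (label bob, SID owned by alice, so alice is the account that would be elevated) and backup-ops (label carol does not resolve at all). Records that pass produce no output; a clean run on a real export is the evidence that no JIT account is bound to a stale identity.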


Technical Details

Data Version
5.1
Assigner Short Name
DEVOLUTIONS
Date Reserved
2025-04-11T13:27:07.314Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9838c4522896dcbec20e

Added to database: 5/21/2025, 9:09:12 AM

Last enriched: 6/25/2025, 11:59:11 PM

Last updated: 8/15/2025, 1:47:32 PM

Views: 14
