
CVE-2025-5382: CWE-284: Improper Access Control in Devolutions Server

Medium
Tags: vulnerability, CVE-2025-5382, CVE, CWE-284
Published: Thu Jun 05 2025 (06/05/2025, 13:37:05 UTC)
Source: CVE Database V5
Vendor/Project: Devolutions
Product: Server

Description

Improper access control in the users' MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators' MFA.

AI-Powered Analysis

Last updated: 07/07/2025, 09:43:42 UTC

Technical Analysis

CVE-2025-5382 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Devolutions Server versions 2025.1.7.0 and earlier. The issue lies in the Multi-Factor Authentication (MFA) feature for users, specifically in the management of MFA settings by users who have user management permissions. This vulnerability allows such users to remove or alter the MFA configurations of administrators. The vulnerability does not require user interaction and can be exploited remotely (AV:N) with low attack complexity (AC:L), but requires privileges equivalent to user management permissions (PR:H). The vulnerability impacts the integrity of the system by allowing unauthorized modification of administrator MFA settings, potentially enabling privilege escalation or bypass of MFA protections. The CVSS v3.1 base score is 6.8 (medium severity), with no impact on confidentiality or availability, but a significant impact on integrity and scope, as changes to administrator MFA can affect the entire system's security posture. No known exploits are currently reported in the wild, and no patches or mitigation links are provided in the source data. The vulnerability is critical in environments where strict MFA enforcement is a key security control, as it undermines the trustworthiness of administrator authentication mechanisms.

Potential Impact

For European organizations, this vulnerability poses a significant risk to the security of privileged accounts within Devolutions Server deployments. Since MFA is a critical defense against unauthorized access, the ability for a user with user management permissions to disable or alter administrator MFA settings can lead to unauthorized administrative access, potentially resulting in unauthorized configuration changes, data manipulation, or lateral movement within the network. This risk is heightened in sectors with stringent regulatory requirements such as finance, healthcare, and government, where unauthorized access to privileged accounts can lead to compliance violations, data breaches, and operational disruptions. The integrity compromise could also facilitate further attacks that may impact confidentiality indirectly. Given the remote exploitability and low complexity, attackers with insider access or compromised user management accounts could leverage this vulnerability to escalate privileges and bypass MFA protections.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Immediately review and restrict user management permissions to only trusted personnel, minimizing the number of users who can modify MFA settings.
2) Implement strict monitoring and alerting on changes to MFA configurations, especially those affecting administrator accounts, to detect unauthorized modifications promptly.
3) Employ compensating controls such as out-of-band verification for changes to critical security settings, including MFA.
4) Where possible, isolate or segment Devolutions Server management interfaces to limit exposure to untrusted networks.
5) Engage with Devolutions for official patches or updates addressing this vulnerability and apply them as soon as they become available.
6) Conduct regular audits of MFA settings and user permissions to ensure compliance with security policies.
7) Consider additional layers of authentication or hardware-based MFA tokens for administrators to reduce the risk of unauthorized changes.
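The access-control flaw described in the analysis, and the monitoring recommended above, can be illustrated with a small model. This is an added example, not Devolutions Server code: the role names, the audit-event format and the account directory are assumptions constructed for the illustration. The flawed check mirrors the advisory (user-management permission alone unlocks any account's MFA); the hardened check additionally requires an administrator to change an administrator's MFA, and the same predicate is then run over audit events to flag changes that should not have been permitted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    roles: frozenset  # assumed role names: "user_management", "administrator"


def can_change_mfa_vulnerable(actor: Account, target: Account) -> bool:
    """Flawed check modelled on CVE-2025-5382: the target's role is never consulted."""
    return "user_management" in actor.roles


def can_change_mfa_hardened(actor: Account, target: Account) -> bool:
    """Hardened check: an administrator's MFA may only be changed by an administrator."""
    if actor.name == target.name:  # self-service on one's own account
        return True
    if "user_management" not in actor.roles:
        return False
    if "administrator" in target.roles and "administrator" not in actor.roles:
        return False
    return True


# Constructed account directory and audit events (hypothetical schema, not the product's own).
DIRECTORY = {
    "admin1": Account("admin1", frozenset({"administrator", "user_management"})),
    "admin2": Account("admin2", frozenset({"administrator", "user_management"})),
    "helpdesk1": Account("helpdesk1", frozenset({"user_management"})),
    "bob": Account("bob", frozenset()),
}

AUDIT_EVENTS = [
    {"actor": "helpdesk1", "action": "mfa.reset", "target": "admin1"},
    {"actor": "admin2", "action": "mfa.reset", "target": "admin1"},
    {"actor": "helpdesk1", "action": "mfa.change", "target": "bob"},
    {"actor": "helpdesk1", "action": "password.reset", "target": "admin1"},
]


def flag_admin_mfa_changes(events, directory):
    """Return MFA-change events where the actor lacked authority over the target under the hardened policy."""
    hits = []
    for event in events:
        if not event["action"].startswith("mfa."):
            continue
        actor, target = directory[event["actor"]], directory[event["target"]]
        if not can_change_mfa_hardened(actor, target):
            hits.append(event)
    return hits
```

Running the detector over the constructed events flags only the helpdesk account's reset of an administrator's MFA, which the flawed check would have allowed.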


Technical Details

Data Version: 5.1
Assigner Short Name: DEVOLUTIONS
Date Reserved: 2025-05-30T12:31:45.409Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68419f11182aa0cae2e11689

Added to database: 6/5/2025, 1:43:45 PM

Last enriched: 7/7/2025, 9:43:42 AM

Last updated: 8/16/2025, 9:14:40 AM

