CVE-2025-5382: CWE-284: Improper Access Control in Devolutions Server
Improper access control in the users' MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators' MFA.
AI Analysis
Technical Summary
CVE-2025-5382 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Devolutions Server versions 2025.1.7.0 and earlier. The issue lies in the Multi-Factor Authentication (MFA) feature for users, specifically in how MFA settings are managed by users who hold user management permissions: such users can remove or alter the MFA configuration of administrators. Exploitation requires no user interaction and is possible remotely (AV:N) with low attack complexity (AC:L), but it requires privileges equivalent to user management permissions (PR:H). The impact is on integrity: unauthorized modification of administrator MFA settings can enable privilege escalation or bypass of MFA protections. The CVSS v3.1 base score is 6.8 (medium severity), with no impact on confidentiality or availability but a significant impact on integrity and scope, since changes to administrator MFA affect the entire system's security posture. No known exploits are currently reported in the wild, and no patches or mitigation links are provided in the source data. The vulnerability is critical in environments where strict MFA enforcement is a key security control, as it undermines the trustworthiness of administrator authentication mechanisms.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the security of privileged accounts within Devolutions Server deployments. Since MFA is a critical defense against unauthorized access, the ability for a user with user management permissions to disable or alter administrator MFA settings can lead to unauthorized administrative access, potentially resulting in unauthorized configuration changes, data manipulation, or lateral movement within the network. This risk is heightened in sectors with stringent regulatory requirements such as finance, healthcare, and government, where unauthorized access to privileged accounts can lead to compliance violations, data breaches, and operational disruptions. The integrity compromise could also facilitate further attacks that may impact confidentiality indirectly. Given the remote exploitability and low complexity, attackers with insider access or compromised user management accounts could leverage this vulnerability to escalate privileges and bypass MFA protections.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Immediately review and restrict user management permissions to only trusted personnel, minimizing the number of users who can modify MFA settings.
2) Implement strict monitoring and alerting on changes to MFA configurations, especially those affecting administrator accounts, to detect unauthorized modifications promptly.
3) Employ compensating controls such as out-of-band verification for changes to critical security settings, including MFA.
4) Where possible, isolate or segment Devolutions Server management interfaces to limit exposure to untrusted networks.
5) Engage with Devolutions for official patches or updates addressing this vulnerability and apply them as soon as they become available.
6) Conduct regular audits of MFA settings and user permissions to ensure compliance with security policies.
7) Consider additional layers of authentication or hardware-based MFA tokens for administrators to reduce the risk of unauthorized changes.
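The access-control pattern behind this advisory and the monitoring step above, as an added illustration that is not Devolutions Server code and does not reflect its actual implementation: a model in which user-management permission alone authorizes MFA changes, next to a hardened check that additionally requires an administrator to change an administrator's MFA, with an audit trail that a detection rule can consume. All account names and field names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class User:
    name: str
    is_admin: bool
    can_manage_users: bool
    mfa_enabled: bool = True


class Forbidden(Exception):
    pass


def sample_directory():
    # Constructed accounts for the demo; names are placeholders, not from the advisory.
    return {
        "root-admin": User("root-admin", is_admin=True, can_manage_users=True),
        "helpdesk": User("helpdesk", is_admin=False, can_manage_users=True),
        "analyst": User("analyst", is_admin=False, can_manage_users=False),
    }


def record(audit, actor, target, enabled, allowed):
    # One audit event per attempt, allowed or denied, so detection can run over either.
    audit.append({"actor": actor.name, "actor_is_admin": actor.is_admin,
                  "target": target.name, "target_is_admin": target.is_admin,
                  "mfa_enabled": enabled, "allowed": allowed})


def set_mfa_vulnerable(directory, actor_name, target_name, enabled, audit):
    """Pattern the advisory describes: user-management permission alone is
    sufficient to change any account's MFA, administrators included."""
    actor, target = directory[actor_name], directory[target_name]
    allowed = actor.can_manage_users
    record(audit, actor, target, enabled, allowed)
    if not allowed:
        raise Forbidden("user management permission required")
    target.mfa_enabled = enabled


def set_mfa_hardened(directory, actor_name, target_name, enabled, audit):
    """Hardened variant: an administrator's MFA may only be changed by an administrator."""
    actor, target = directory[actor_name], directory[target_name]
    allowed = actor.can_manage_users and (actor.is_admin or not target.is_admin)
    record(audit, actor, target, enabled, allowed)
    if not allowed:
        raise Forbidden("only administrators may change an administrator's MFA")
    target.mfa_enabled = enabled


def admin_mfa_alerts(audit):
    """Mitigation 2: flag every attempt by a non-administrator to disable an
    administrator's MFA, whether or not the server allowed the change."""
    return [e for e in audit
            if e["target_is_admin"] and not e["actor_is_admin"] and not e["mfa_enabled"]]
```

Running the same detection over the audit trail of both variants shows why alerting matters even after hardening: a denied attempt against an administrator account is itself a signal worth investigating.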
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: DEVOLUTIONS
- Date Reserved: 2025-05-30T12:31:45.409Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68419f11182aa0cae2e11689
Added to database: 6/5/2025, 1:43:45 PM
Last enriched: 7/7/2025, 9:43:42 AM
Last updated: 11/22/2025, 11:06:52 AM