CVE-2025-5382: CWE-284: Improper Access Control in Devolutions Server
Improper access control in the users' MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators' MFA.
AI Analysis
Technical Summary
CVE-2025-5382 is an improper access control weakness (CWE-284) in Devolutions Server 2025.1.7.0 and earlier. The flaw is in the per-user MFA feature: an account holding the user management permission can remove or change the MFA configuration of administrator accounts, even though that permission should not reach accounts more privileged than the actor's own. Exploitation needs no user interaction and works over the network (AV:N) with low attack complexity (AC:L), but requires an account that already holds user management rights (PR:H). The CVSS v3.1 base score given here is 6.8 (medium); the vector has no confidentiality or availability impact, a high integrity impact, and changed scope (S:C), because tampering with an administrator's MFA affects the security of the whole server rather than only the actor's own account. The CVE record metadata on this page shows no CVSS version, so treat the score as this analysis's assessment rather than a vendor-published one. Stripping or replacing an administrator's second factor means that anyone who also holds that administrator's password, or who can enrol a factor of their own, can log in as the administrator, so the practical effect is MFA bypass leading to privilege escalation. No exploitation in the wild is reported, and this page lists no fixed version, vendor advisory link or other mitigation. The weakness matters most where MFA on administrator accounts is relied on as a primary control, since it lets a lower-privileged role silently weaken that control.
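The authorization mistake described above, modelled as an added example in Python. This is not Devolutions Server code (the page does not show the server's internals); the Role values, the Account class and the re-authentication flag are assumptions chosen to reproduce the CWE-284 pattern. The vulnerable function gates the MFA change on the actor's permission alone; the hardened one also compares the target's privilege with the actor's and demands step-up authentication before MFA is weakened:

```python
"""Vulnerable vs. hardened authorization for 'change another user's MFA'.

Added example, not Devolutions Server code. Role names, the Account model
and the `reauthenticated` flag are assumptions for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    USER = 1
    USER_MANAGER = 2   # assumed: holder of the "user management" permission
    ADMIN = 3


@dataclass
class Account:
    name: str
    role: Role
    mfa_enabled: bool = True


class Forbidden(Exception):
    """Raised when the authorization check rejects the operation."""


def set_mfa_vulnerable(actor: Account, target: Account, enabled: bool) -> None:
    # Flawed check (CWE-284): only the actor's permission is examined, so a
    # USER_MANAGER may flip MFA on any account, including an ADMIN.
    if actor.role not in (Role.USER_MANAGER, Role.ADMIN):
        raise Forbidden("user management permission required")
    target.mfa_enabled = enabled


def set_mfa_hardened(actor: Account, target: Account, enabled: bool,
                     reauthenticated: bool = False) -> None:
    # Self-service: a user may change their own MFA, but weakening it
    # requires fresh re-authentication (assumed step-up flag).
    if actor is target:
        if not enabled and not reauthenticated:
            raise Forbidden("re-authenticate before disabling your own MFA")
        target.mfa_enabled = enabled
        return
    if actor.role not in (Role.USER_MANAGER, Role.ADMIN):
        raise Forbidden("user management permission required")
    # The check the vulnerable version lacks: the target's privilege counts.
    # A non-admin manager may only act on strictly lower-privileged accounts;
    # only an ADMIN may touch another ADMIN.
    if actor.role is not Role.ADMIN and target.role.value >= actor.role.value:
        raise Forbidden("cannot modify MFA of an equal- or higher-privileged account")
    # Weakening anyone's MFA is a sensitive action: require step-up.
    if not enabled and not reauthenticated:
        raise Forbidden("step-up authentication required to weaken MFA")
    target.mfa_enabled = enabled


def demo() -> dict:
    """Run both checks against a constructed scenario and report the outcome."""
    manager = Account("helpdesk", Role.USER_MANAGER)
    admin = Account("root-admin", Role.ADMIN)
    out = {}
    set_mfa_vulnerable(manager, admin, enabled=False)
    out["vulnerable_admin_mfa"] = admin.mfa_enabled      # False: MFA stripped
    admin.mfa_enabled = True
    try:
        set_mfa_hardened(manager, admin, enabled=False)
        out["hardened_blocked"] = False
    except Forbidden:
        out["hardened_blocked"] = True
    out["hardened_admin_mfa"] = admin.mfa_enabled        # True: untouched
    return out


if __name__ == "__main__":
    print(demo())
```

The ordering of checks matters: the target's privilege is compared before the step-up requirement, so a user manager attempting to touch an administrator is refused outright rather than being prompted to re-authenticate, which would otherwise leak that the operation is merely gated and not forbidden.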
Potential Impact
For European organizations running Devolutions Server, the risk concentrates on privileged accounts. MFA is usually the control that keeps a stolen or guessed administrator password from being enough on its own; when a user with user management permission can disable or replace an administrator's MFA, that password becomes sufficient, and the resulting administrative access can be used to change configuration, manipulate stored data, or move laterally to the systems the server reaches. The exposure is greatest in finance, healthcare and government, where unauthorized privileged access brings regulatory consequences on top of operational disruption and data-breach impact. Although the CVSS vector scores no confidentiality impact, administrative access obtained this way would expose data indirectly. Because the flaw is remotely exploitable with low complexity, the realistic actors are malicious insiders who hold user management rights and external attackers who have compromised such an account, for example through phishing.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Review who holds the user management permission and cut it back to the smallest set of trusted staff; every holder can currently weaken administrator MFA.
2) Alert on every MFA change where the acting account is not the target account, and treat any such change against an administrator account as a priority incident; a change made by a non-administrator against an administrator matches this flaw directly.
3) Require out-of-band confirmation (a ticket or a second administrator) before MFA is disabled or re-enrolled on an administrator account, and reconcile alerts against those approvals.
4) Keep the Devolutions Server management interface off untrusted networks, limiting exposure to the accounts and hosts that need it.
5) Ask Devolutions for a fixed release or advisory, since this page names none, and apply the update as soon as it is available.
6) Audit administrator MFA state and user management assignments on a schedule, and compare each run against the previous one so that a silent removal is caught even if alerting misses it.
7) Where administrators authenticate through an external identity provider, enforce MFA at that provider as well. A stronger factor registered in the server's own per-user MFA setting does not help if that setting can be removed, whereas a factor enforced upstream is outside the reach of this flaw.
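Detection logic for recommendation 2, with the severity tally that recommendation 6's audit would compare between runs, as an added example; it is not a Devolutions Server feature. The page does not show the server's real audit-log schema, so the JSON-lines format, the field and action names and the sample events are constructed, and the field mapping must be adapted to whatever the deployment exports to the SIEM:

```python
"""Flag MFA-weakening audit events, prioritising non-admin changes to admins.

Added example, not a Devolutions Server feature. The JSON-lines schema,
action names and sample events below are constructed for illustration.
"""
import json
from collections import Counter
from typing import Iterable, List, Optional

# Constructed sample events (not real logs). One JSON object per line.
SAMPLE_EVENTS = """\
{"ts":"2025-06-05T13:01:10Z","actor":"helpdesk1","actor_roles":["UserManagement"],"action":"mfa.disable","target":"admin.jane","target_roles":["Administrator"]}
{"ts":"2025-06-05T13:02:33Z","actor":"admin.jane","actor_roles":["Administrator"],"action":"mfa.reset","target":"bob","target_roles":[]}
{"ts":"2025-06-05T13:03:05Z","actor":"helpdesk1","actor_roles":["UserManagement"],"action":"mfa.reset","target":"bob","target_roles":[]}
{"ts":"2025-06-05T13:04:51Z","actor":"helpdesk2","actor_roles":["UserManagement"],"action":"mfa.change_method","target":"admin.root","target_roles":["Administrator"]}
{"ts":"2025-06-05T13:05:00Z","actor":"admin.root","actor_roles":["Administrator"],"action":"user.login","target":"admin.root","target_roles":["Administrator"]}
{"ts":"2025-06-05T13:06:00Z","actor":"admin.jane","actor_roles":["Administrator"],"action":"mfa.disable","target":"admin.root","target_roles":["Administrator"]}
"""

# Actions that remove or replace a second factor (assumed action names).
MFA_WEAKENING = {"mfa.disable", "mfa.reset", "mfa.change_method"}
ADMIN_ROLE = "Administrator"   # assumed role label


def classify(event: dict) -> Optional[str]:
    """Return an alert label for an MFA-weakening event, or None to ignore it."""
    if event.get("action") not in MFA_WEAKENING:
        return None
    actor_is_admin = ADMIN_ROLE in event.get("actor_roles", [])
    target_is_admin = ADMIN_ROLE in event.get("target_roles", [])
    self_service = event.get("actor") == event.get("target")
    if target_is_admin and not actor_is_admin:
        # Exactly the CVE-2025-5382 pattern: a lower-privileged account
        # weakening an administrator's MFA.
        return "CRITICAL: non-admin changed an administrator's MFA"
    if target_is_admin and not self_service:
        return "HIGH: administrator MFA changed by another administrator; confirm out-of-band"
    if not self_service:
        return "INFO: MFA changed via user management; verify against a ticket"
    return None   # users changing their own MFA are routine


def detect(lines: Iterable[str]) -> List[dict]:
    """Parse JSON-lines audit events and return the alerts they trigger."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue   # malformed line: skip rather than stall the pipeline
        label = classify(ev)
        if label:
            alerts.append({"ts": ev.get("ts"), "actor": ev.get("actor"),
                           "target": ev.get("target"), "action": ev.get("action"),
                           "alert": label})
    return alerts


def severity_counts(alerts: List[dict]) -> Counter:
    """Tally alerts by severity prefix; diff this between scheduled audit runs."""
    return Counter(a["alert"].split(":", 1)[0] for a in alerts)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS.splitlines())
    for a in found:
        print(a["ts"], a["actor"], "->", a["target"], a["action"], "|", a["alert"])
    print(dict(severity_counts(found)))
```

The rule keys on the target's role, not only the actor's: administrator-on-administrator changes are still surfaced at a lower severity because recommendation 3 expects each of them to match an out-of-band approval, and the ordinary user-management case is logged at INFO so the reconciliation in recommendation 6 has something to compare against.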
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: DEVOLUTIONS
- Date Reserved: 2025-05-30T12:31:45.409Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68419f11182aa0cae2e11689
Added to database: 6/5/2025, 1:43:45 PM
Last enriched: 7/7/2025, 9:43:42 AM
Last updated: 8/16/2025, 9:14:40 AM
Views: 26
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)