CVE-2025-8353: CWE-446: UI Discrepancy for Security Feature in Devolutions Server
UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
AI Analysis
Technical Summary
CVE-2025-8353 affects Devolutions Server versions 2025.2.4.0 and earlier. The flaw is a UI synchronization issue in the Just-in-Time (JIT) access request approval interface, classified as CWE-446 (UI Discrepancy for Security Feature): the state shown in the approval interface is not kept in sync with backend changes. When a JIT Group is deleted, the approval interface continues to present requests that reference it, and a standard checkout request processed from that stale state can still be granted, giving a remote authenticated attacker access to resources the deleted group should no longer expose. The published description implies that the server-side request handler honours the group reference carried by the stale UI instead of re-validating that the group still exists at processing time; the UI discrepancy is the visible symptom, and the missing server-side check at the moment of approval is what makes it exploitable. Exploitation requires an authenticated account, and no interaction beyond normal checkout request processing is needed. The result is a bypass of the access control that the JIT feature exists to enforce, namely time-limited, approved access to sensitive resources. No public exploit is known, no CVSS score has been assigned, and the advisory record carried no patch link when this analysis was written. The CVE was published on July 30, 2025.
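The pattern the description points at, shown as an added example that is not Devolutions Server code (the names GroupStore, approve_from_snapshot, approve_revalidated and the group and request fields are hypothetical): an approval handler that acts on the group object captured when the approval page was rendered, beside one that re-resolves the group from the authoritative store at approval time and fails closed when the group is gone or the approver is not entitled.

```python
"""Model of the flaw class behind CVE-2025-8353: a JIT checkout approval that
acts on the group object captured when the approval UI was rendered, beside one
that re-resolves the group from the authoritative store at processing time.
Added example; not Devolutions Server code. All names are hypothetical."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class JitGroup:
    group_id: str
    name: str
    approvers: frozenset


@dataclass
class CheckoutRequest:
    request_id: str
    requester: str
    group_id: str           # identifier echoed back by the client
    ui_snapshot: JitGroup   # group as it was when the approval page was rendered


@dataclass
class GroupStore:
    """Authoritative server-side registry of JIT groups (constructed for the example)."""
    groups: dict = field(default_factory=dict)

    def add(self, group):
        self.groups[group.group_id] = group

    def delete(self, group_id):
        self.groups.pop(group_id, None)

    def get(self, group_id):
        return self.groups.get(group_id)


def issue_grant(req, group, ttl, now):
    """Time-limited grant record: the JIT property the feature exists to enforce."""
    return {
        "request_id": req.request_id,
        "user": req.requester,
        "group_id": group.group_id,
        "expires_at": (now + ttl).isoformat(),
    }


def approve_from_snapshot(store, req, approver, ttl=timedelta(hours=1), now=None):
    """Vulnerable pattern: authorisation is evaluated against the snapshot the UI
    carried, so a group deleted after the page loaded is still honoured."""
    now = now or datetime.now(timezone.utc)
    group = req.ui_snapshot                  # the store is never consulted
    if approver not in group.approvers:
        return None
    return issue_grant(req, group, ttl, now)


def approve_revalidated(store, req, approver, ttl=timedelta(hours=1), now=None):
    """Hardened pattern: re-resolve the group by id from the authoritative store at
    approval time and fail closed if it is gone or the approver is not entitled."""
    now = now or datetime.now(timezone.utc)
    group = store.get(req.group_id)
    if group is None:
        raise PermissionError(
            f"request {req.request_id} rejected: JIT group {req.group_id} no longer exists")
    if approver not in group.approvers:
        raise PermissionError(
            f"request {req.request_id} rejected: {approver} may not approve {group.group_id}")
    return issue_grant(req, group, ttl, now)


def scenario():
    """The group exists when the request is opened and is deleted before approval.
    Returns (grant from the stale path, error from the revalidated path)."""
    store = GroupStore()
    admins = JitGroup("g-42", "Domain Admins (JIT)", frozenset({"bob"}))
    store.add(admins)
    req = CheckoutRequest("r-1", "alice", admins.group_id, ui_snapshot=admins)
    store.delete(admins.group_id)            # an administrator removes the group

    stale_grant = approve_from_snapshot(store, req, approver="bob")
    try:
        approve_revalidated(store, req, approver="bob")
        revalidated_error = None
    except PermissionError as exc:
        revalidated_error = str(exc)
    return stale_grant, revalidated_error


if __name__ == "__main__":
    grant, err = scenario()
    print("stale path granted:", grant)
    print("revalidated path:", err)
```

The point of the split is that the client-held snapshot is a hint, never an authorisation input: the only acceptable source for "does this group still exist and may this person approve for it" is the store, read at the instant the approval is processed.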
Potential Impact
For European organizations running Devolutions Server, this vulnerability threatens the confidentiality and integrity of the systems the product protects. Devolutions Server is used for privileged access management (PAM), and its JIT feature is a control for least privilege and time-bound access. Exploitation could let an authenticated user obtain access through a JIT Group that administrators believe they have removed, which can enable lateral movement, privilege escalation, or unauthorized data access, and it weakens the access-control and auditability requirements that GDPR and similar regulations impose. The risk is highest in finance, healthcare, and critical infrastructure, where compromise of privileged access can cause severe operational disruption and data breaches. Because exploitation requires authentication, the realistic actors are insiders and attackers holding compromised credentials. No public exploit is known, but the absence of a fix reference means organizations must rely on compensating controls in the meantime. Availability is not directly affected; the impact falls on access-control integrity and confidentiality.
Mitigation Recommendations
European organizations should audit their Devolutions Server deployments and identify instances running 2025.2.4.0 or earlier. Until a fix is available: reconcile approved and pending JIT requests against the current list of JIT Groups, and treat any request that references a group no longer present as suspect; enable detailed logging and alerting on JIT request, approval, and group-deletion events so that such approvals are detected promptly; enforce multi-factor authentication for every account that can submit or approve JIT requests, since the flaw requires an authenticated account; limit the set of users who can approve JIT requests and apply strict role-based access control to the approval interface; instruct approvers to reload the approval interface before acting on a request and to confirm that the target group still exists, rather than acting on a view that may be stale; and restrict network access to the Devolutions Server management interface through segmentation and zero-trust access policies. Before deleting a JIT Group, expire or deny its outstanding requests so that nothing remains for a stale view to approve. Subscribe to the vendor's security advisories and apply the fix as soon as it is published.
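A reconciliation check of the kind recommended above, as an added example that is not part of the original advisory: it replays a constructed JSON-lines audit feed (the event names and fields are hypothetical and are not the Devolutions Server log format) and flags every approval whose group had already been deleted, or was never created, at the moment of approval.

```python
"""Replay a JIT audit trail and flag approvals that reference a group already
deleted (or never created) at approval time, the condition CVE-2025-8353 produces.
Added example; the JSON-lines shape below is constructed for the illustration
and is not the Devolutions Server audit log format."""
import json
from datetime import datetime

# Constructed sample feed: one approval after the group was deleted (r-1), one
# healthy approval (r-2), one approval for a group the log never saw created (r-3).
SAMPLE_AUDIT_LOG = """\
{"ts":"2025-07-30T09:00:00Z","event":"jit.group.created","group_id":"g-42","actor":"admin"}
{"ts":"2025-07-30T09:05:00Z","event":"jit.request.created","request_id":"r-1","group_id":"g-42","actor":"alice"}
{"ts":"2025-07-30T09:10:00Z","event":"jit.group.deleted","group_id":"g-42","actor":"admin"}
{"ts":"2025-07-30T09:12:00Z","event":"jit.request.approved","request_id":"r-1","group_id":"g-42","actor":"bob"}
{"ts":"2025-07-30T09:20:00Z","event":"jit.group.created","group_id":"g-7","actor":"admin"}
{"ts":"2025-07-30T09:21:00Z","event":"jit.request.created","request_id":"r-2","group_id":"g-7","actor":"carol"}
{"ts":"2025-07-30T09:22:00Z","event":"jit.request.approved","request_id":"r-2","group_id":"g-7","actor":"bob"}
{"ts":"2025-07-30T09:30:00Z","event":"jit.request.approved","request_id":"r-3","group_id":"g-99","actor":"bob"}
"""


def parse_events(text):
    """Parse JSON lines and attach a timezone-aware datetime so events can be
    replayed in order even if the feed delivered them out of order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["_ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["_ts"])


def find_stale_approvals(events):
    """Track the live set of groups while replaying the log; any approval whose
    group is not live at that instant is a finding. A group re-created after
    deletion becomes live again, so only the window between delete and
    re-create is flagged."""
    live = set()
    deleted_at = {}
    findings = []
    for ev in events:
        kind, gid = ev["event"], ev.get("group_id")
        if kind == "jit.group.created":
            live.add(gid)
            deleted_at.pop(gid, None)
        elif kind == "jit.group.deleted":
            live.discard(gid)
            deleted_at[gid] = ev["ts"]
        elif kind == "jit.request.approved" and gid not in live:
            findings.append({
                "request_id": ev["request_id"],
                "group_id": gid,
                "approver": ev["actor"],
                "approved_at": ev["ts"],
                "reason": (f"group deleted at {deleted_at[gid]}" if gid in deleted_at
                           else "group never created within the log window"),
            })
    return findings


def stale_approvals_in(text):
    return find_stale_approvals(parse_events(text))


if __name__ == "__main__":
    for f in stale_approvals_in(SAMPLE_AUDIT_LOG):
        print(f"ALERT {f['request_id']} by {f['approver']} -> {f['group_id']}: {f['reason']}")
```

Run against a real export, the "never created" branch is noisy at the start of the window (groups created before the export began); seed the live set from a current group listing, or widen the window, before trusting that branch. The "deleted at" branch is the direct indicator for this CVE and should page someone.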
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: DEVOLUTIONS
- Date Reserved: 2025-07-30T13:30:32.056Z
- CVSS Version: none provided (no score assigned)
- State: PUBLISHED
Threat ID: 688a45bdad5a09ad00aad1ad
Added to database: 7/30/2025, 4:18:05 PM
Last enriched: 7/30/2025, 4:32:44 PM
Last updated: 7/31/2025, 4:39:18 AM
Related Threats
- CVE-2025-8370: Cross Site Scripting in Portabilis i-Educar (Medium)
- CVE-2025-8369: Cross Site Scripting in Portabilis i-Educar (Medium)
- CVE-2025-8368: Cross Site Scripting in Portabilis i-Educar (Medium)
- CVE-2025-53558: Use of weak credentials in ZTE Japan. K.K. ZXHN-F660T (High)
- CVE-2025-8367: Cross Site Scripting in Portabilis i-Educar (Medium)