UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 06 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

Thu, 31 Jul 2025 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Devolutions
Devolutions devolutions Server
Vendors & Products Devolutions
Devolutions devolutions Server

Wed, 30 Jul 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 30 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Description UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Weaknesses CWE-446
References

cve-icon MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published:

Updated: 2025-07-30T16:17:38.655Z

Reserved: 2025-07-30T13:30:32.056Z

Link: CVE-2025-8353

cve-icon Vulnrichment

Updated: 2025-07-30T16:17:32.505Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-30T16:15:29.407

Modified: 2025-08-06T14:37:13.843

Link: CVE-2025-8353

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-31T10:09:17Z