Description
Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * Devolutions Server 2025.2.2.0 through 2025.2.5.0 * Devolutions Server 2025.1.12.0 and earlier
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
Affected products
- Devolutions / Server2025.2.2.0 – 2025.2.5.0
- Devolutions / Server0 – 2025.1.13.0
References
- VENDOR_ADVISORYhttps://devolutions.net/security/advisories/DEVO-2025-0013/