CVE-2025-2003
Published: 05 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-2003 is an incorrect authorization vulnerability (CWE-863) affecting PAM vaults in Devolutions Server versions 2024.3.12 and earlier. The flaw allows an authenticated user to bypass the 'add in root' permission, enabling unauthorized actions within the vault structure. It carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L), indicating high integrity impact with network accessibility and low prerequisites.
An attacker requires only low-privileged authenticated access (PR:L) to exploit this vulnerability remotely over the network, with low attack complexity and no user interaction needed. Exploitation bypasses the 'add in root' permission in PAM vaults, allowing the attacker to perform unauthorized additions or modifications at the root level, resulting in high integrity compromise and low availability impact, while confidentiality remains unaffected.
Devolutions has issued security advisory DEVO-2025-0003, available at https://devolutions.net/security/advisories/DEVO-2025-0003/, which provides details on the vulnerability. Security practitioners should consult this advisory for guidance on available patches and mitigation measures.
Details
- CWE(s): CWE-863 (Incorrect Authorization)
- Affected Products: Devolutions Server 2024.3.12 and earlier (PAM vaults)
- MITRE ATT&CK Enterprise Techniques: Exploitation for Privilege Escalation (T1068)
Why these techniques?
The incorrect authorization vulnerability (CWE-863) directly allows an authenticated low-privileged user to bypass the 'add in root' permission and make unauthorized additions or modifications in PAM vaults, a textbook case of exploiting a software vulnerability to gain elevated privileges within the application.
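The advisory does not describe how the 'add in root' check is implemented or where it fails, so the following is an added, hypothetical illustration of the general CWE-863 pattern and not Devolutions Server code. It models a toy vault with per-folder permissions (names such as `add` and `add_in_root`, the `Vault` class and the two `add_entry_*` functions are all assumptions for the example) and contrasts a check that authorises the wrong object with one that authorises against the exact target location, which is the property a reviewer would test for after patching:

```python
from dataclasses import dataclass, field

ROOT = "/"   # folder id representing the vault root (constructed for this example)


@dataclass
class Vault:
    # (user, folder) -> set of permission names held on that folder
    acl: dict = field(default_factory=dict)
    # entries created so far, as (parent_folder, name) pairs
    entries: list = field(default_factory=list)

    def grant(self, user, folder, *perms):
        self.acl.setdefault((user, folder), set()).update(perms)

    def has(self, user, folder, perm):
        return perm in self.acl.get((user, folder), set())


def add_entry_flawed(vault, user, parent, name):
    """CWE-863 pattern: authorises 'may this user add somewhere in the vault?'
    instead of 'may this user add at this parent?'. A user with 'add' on any
    sub-folder therefore passes the check for the root as well."""
    allowed = any(u == user and "add" in perms
                  for (u, _folder), perms in vault.acl.items())
    if allowed:
        vault.entries.append((parent, name))
    return allowed


def add_entry_fixed(vault, user, parent, name):
    """Authorise against the exact target: root-level additions require the
    dedicated 'add_in_root' permission on the root; sub-folder additions
    require 'add' on that specific folder."""
    if parent == ROOT:
        allowed = vault.has(user, ROOT, "add_in_root")
    else:
        allowed = vault.has(user, parent, "add")
    if allowed:
        vault.entries.append((parent, name))
    return allowed


def build_vault():
    """Constructed sample ACL: 'alice' may add only inside 'team-folder',
    'admin' holds the root permission."""
    v = Vault()
    v.grant("alice", "team-folder", "add")
    v.grant("admin", ROOT, "add_in_root")
    return v


def run_scenarios():
    """Return the outcome of each authorisation decision for inspection."""
    return {
        "flawed_alice_root": add_entry_flawed(build_vault(), "alice", ROOT, "x"),
        "fixed_alice_root": add_entry_fixed(build_vault(), "alice", ROOT, "x"),
        "fixed_alice_folder": add_entry_fixed(build_vault(), "alice", "team-folder", "x"),
        "fixed_admin_root": add_entry_fixed(build_vault(), "admin", ROOT, "x"),
    }


if __name__ == "__main__":
    for case, outcome in run_scenarios().items():
        print(f"{case}: {'allowed' if outcome else 'denied'}")
```

The useful takeaway for verifying a fix is the test matrix in `run_scenarios`: a low-privileged user with legitimate rights on a sub-folder must be denied at the root, while users holding the root-specific permission and ordinary sub-folder additions continue to work.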