{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T11:36:58.723","vulnerabilities":[{"cve":{"id":"CVE-2025-4493","sourceIdentifier":"security@devolutions.net","published":"2025-05-28T13:15:19.817","lastModified":"2025-06-25T15:48:22.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper privilege assignment in PAM JIT privilege sets in Devolutions \nServer allows a PAM user to perform PAM JIT \nrequests on unauthorized groups by exploiting a user interface issue.\n\n\nThis issue affects the following versions : \n\n  *  Devolutions Server 2025.1.3.0 through 2025.1.7.0\n  *  Devolutions Server 2024.3.15.0 and earlier"},{"lang":"es","value":"La asignación incorrecta de privilegios en los conjuntos de privilegios PAM JIT de Devolutions Server permite que un usuario de PAM realice solicitudes PAM JIT a grupos no autorizados aprovechando un problema de la interfaz de usuario. Este problema afecta a las siguientes versiones: * Devolutions Server 2025.1.3.0 a 2025.1.7.0 * Devolutions Server 2024.3.15.0 y anteriores"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@devolutions.net","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*","versionEndIncluding":"2024.3.15.0","matchCriteriaId":"B14C7E62-E99B-4734-A83E-CBE9C79C96D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1.3.0","versionEndIncluding":"2025.1.7.0","matchCriteriaId":"1933FBC7-209A-4565-B3D6-E09F2D2EAC50"}]}]}],"references":[{"url":"https://devolutions.net/security/advisories/DEVO-2025-0008/","source":"security@devolutions.net","tags":["Vendor Advisory"]}]}}]}