Cyber Posture

CVE-2025-2003

Severity: High

Published: 05 March 2025
Modified: 28 March 2025
KEV Added: not listed (not in the CISA KEV catalog)
Patch: see vendor advisory DEVO-2025-0003 (below)
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)
EPSS Score: 0.0003 (7.5th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2003 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Devolutions Server (vendor: Devolutions). Its CVSS v3.1 base score is 7.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 7.5th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls, NIST 800-53 r5 (AI-generated)

SI-2 Flaw Remediation (prevent): directly requires identification, reporting, and correction of the authorization flaw in Devolutions Server, i.e. applying the vendor fix, which removes the permission bypass rather than merely containing it.

AC-3 Access Enforcement (prevent): enforces approved authorizations for access to system resources, directly mitigating the incorrect authorization that allows bypassing the 'add in root' permission in PAM vaults.

AC-6 Least Privilege (prevent): applies least privilege to limit low-privileged users' capabilities, reducing the scope and impact of unauthorized root-level additions enabled by the vulnerability.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why this technique?

The incorrect authorization (CWE-863) lets an authenticated, low-privileged user bypass the 'add in root' permission and make unauthorized additions or modifications at the root of a PAM vault: a software flaw exploited to obtain rights inside the application that the user was never granted, which is what T1068 describes. Note that the escalation is application-level (scope unchanged, S:U); no operating-system privilege is gained.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an authenticated user to bypass the 'add in root' permission.

Deeper analysis (AI-generated)

CVE-2025-2003 is an incorrect authorization vulnerability (CWE-863) affecting PAM vaults in Devolutions Server versions 2024.3.12 and earlier. The flaw lets an authenticated user bypass the 'add in root' permission and so act at the top level of the vault structure without holding the right that is supposed to gate it. It carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L): network-reachable, low attack complexity, low privileges required, no user interaction, high integrity impact, low availability impact and no confidentiality impact, with scope unchanged.

An attacker needs only low-privileged authenticated access (PR:L) and can exploit the flaw remotely over the network with no user interaction. Bypassing the 'add in root' permission lets them create or modify entries at the root of a PAM vault, which is an integrity compromise (I:H) with limited availability impact (A:L); confidentiality is not affected (C:N). Because scope is unchanged (S:U), what is gained is rights inside Devolutions Server, not on the host.
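To make the class of bug concrete, the following is an added illustrative model, not Devolutions' code and not derived from the advisory: the vault, user, folder and permission names are assumptions. It shows the CWE-863 shape behind an 'add in root' bypass, where the server asks the right question for subfolders but a different, weaker question for the vault root, beside the corrected check that treats the root as its own scope. A low-privileged user holding 'add' on one subfolder gets a root-level entry accepted by the vulnerable check and refused by the fixed one.

```python
# Added example: a toy PAM-vault authorization model, NOT Devolutions' code.
# Folder ids, user names and the permission model are assumptions used to
# show the CWE-863 pattern behind CVE-2025-2003: the right question is asked
# for subfolders but the wrong one for the vault root.
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    pass


@dataclass
class User:
    name: str
    add_in_root: bool = False                          # vault-level 'add in root' right
    add_in_folders: set = field(default_factory=set)   # folder ids carrying an 'add' grant


@dataclass
class Vault:
    folders: dict                                      # folder id -> parent id (None = root)
    entries: list = field(default_factory=list)        # (parent id, entry name)


def effective_folder_add(user, vault, folder_id):
    """'add' granted on the folder itself or inherited from an ancestor folder."""
    cur = folder_id
    while cur is not None:
        if cur in user.add_in_folders:
            return True
        cur = vault.folders[cur]
    return False


def authorize_add_vulnerable(user, vault, parent_id):
    if parent_id is not None:
        return effective_folder_add(user, vault, parent_id)
    # BUG (CWE-863): a root-level add is authorised by answering a different
    # question. "May this user add entries somewhere in the vault?" is not
    # "does this user hold 'add in root'?", so any folder-level 'add' grant
    # is enough to write at the root.
    return user.add_in_root or bool(user.add_in_folders)


def authorize_add_fixed(user, vault, parent_id):
    # Root is its own scope: only the explicit 'add in root' right counts,
    # and folder grants never bubble up to it.
    if parent_id is None:
        return user.add_in_root
    return effective_folder_add(user, vault, parent_id)


def add_entry(user, vault, parent_id, name, authorize):
    """Create an entry under parent_id (None = vault root) after authorization."""
    if parent_id is not None and parent_id not in vault.folders:
        raise KeyError(f"unknown folder {parent_id!r}")
    if not authorize(user, vault, parent_id):
        raise PermissionDenied(f"{user.name} may not add under {parent_id or '<root>'}")
    vault.entries.append((parent_id, name))
    return (parent_id, name)


def demo():
    """Run the same two requests through both checks; returns what each allowed."""
    folders = {"team-a": None, "team-a/db": "team-a"}
    alice = User("alice", add_in_folders={"team-a"})  # low-privileged: 'add' on one folder
    results = {}
    for label, authorize in (("vulnerable", authorize_add_vulnerable),
                             ("fixed", authorize_add_fixed)):
        vault = Vault(folders=dict(folders))
        outcome = {}
        # Legitimate: 'add' on team-a is inherited by team-a/db.
        outcome["subfolder"] = add_entry(alice, vault, "team-a/db", "db-admin", authorize) is not None
        # The CVE-2025-2003 shape: an entry placed directly at the vault root.
        try:
            add_entry(alice, vault, None, "rogue-root-entry", authorize)
            outcome["root"] = True
        except PermissionDenied:
            outcome["root"] = False
        results[label] = outcome
    return results


if __name__ == "__main__":
    print(demo())
```

The fixed check is what AC-3 (enforce the approved authorization for the object actually being written) and AC-6 (a folder grant confers nothing at the root) look like in code; the vulnerable one performs a check, just not the one that matches the target, which is why this is Incorrect Authorization (CWE-863) rather than a missing check.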

Devolutions has issued security advisory DEVO-2025-0003, available at https://devolutions.net/security/advisories/DEVO-2025-0003/, which provides details on the vulnerability and guidance on available patches and mitigation measures. Consult it to confirm the fixed version before closing this out: the NVD description says 2024.3.12 and earlier, while the affected-product configuration on this page lists ≤ 2024.3.13.0, so treat 2024.3.13 as affected until the advisory says otherwise.

Details

CWE(s): CWE-863 Incorrect Authorization

Affected Products: Devolutions Server (vendor: devolutions, product: devolutions server), versions ≤ 2024.3.13.0 per the affected-product configuration (the NVD description says 2024.3.12 and earlier)
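An added inventory check, not from the vendor or from this page's source, that evaluates each server against both ceilings stated here, the NVD description's 2024.3.12 and the configuration's 2024.3.13.0, so that hosts falling between them are surfaced for confirmation against DEVO-2025-0003. The hostnames and versions are constructed sample data; the function names are assumptions.

```python
# Added example: triage an inventory against the two affected-version
# ceilings this page reports for CVE-2025-2003. Not vendor tooling; the
# inventory below is constructed sample data.
NVD_CEILING = "2024.3.12"    # "2024.3.12 and earlier" (NVD description)
CPE_CEILING = "2024.3.13.0"  # "<= 2024.3.13.0" (affected-product configuration)

# Constructed inventory: (hostname, reported Devolutions Server version).
SAMPLE_INVENTORY = [
    ("pam-01", "2024.3.10.0"),  # affected under both ranges
    ("pam-02", "2024.3.13.0"),  # affected per the configuration, not per the NVD text
    ("pam-03", "2025.1.2.0"),   # outside both ranges
]


def parse_version(text):
    """Dotted numeric version -> comparable 4-tuple. Shorter versions are
    zero-padded so "2024.3.12" and "2024.3.12.0" compare equal; non-numeric
    components raise ValueError from int()."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version, ceiling):
    return parse_version(version) <= parse_version(ceiling)


def triage(inventory):
    """One row per host with the verdict under each ceiling."""
    return [
        {
            "host": host,
            "version": version,
            "affected_nvd": is_affected(version, NVD_CEILING),
            "affected_cpe": is_affected(version, CPE_CEILING),
        }
        for host, version in inventory
    ]


def needs_confirmation(rows):
    """Hosts where the two ranges disagree: check the fixed version in DEVO-2025-0003."""
    return [r["host"] for r in rows if r["affected_nvd"] != r["affected_cpe"]]


if __name__ == "__main__":
    rows = triage(SAMPLE_INVENTORY)
    for r in rows:
        print(r)
    print("confirm against advisory:", needs_confirmation(rows))
```

The zero-padding matters: a four-component build such as 2024.3.12.5 is above the three-component NVD ceiling but inside the configuration's range, which is exactly the gap a wrong comparison would silently swallow.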

CVEs Like This One (same product: Devolutions Server)

CVE-2026-1007
CVE-2025-2280
CVE-2026-3224
CVE-2026-4434
CVE-2026-4924
CVE-2025-2277
CVE-2026-0610
CVE-2026-4828
CVE-2026-3130
CVE-2026-3204

References

Devolutions security advisory DEVO-2025-0003: https://devolutions.net/security/advisories/DEVO-2025-0003/