CVE-2025-8353

Medium CVSS 5.9

Overview

UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.

CWE: CWE-446 Published: 2025-07-30T16:15:29.407

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.9 (MEDIUM)
Detected tags: unauth_access (tag impact: HIGH)

Recommended actions:

Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags