A critical vulnerability in Devolutions Server could allow attackers with low-privileged access to impersonate other user accounts by exploiting how the application handles authentication cookies before multi-factor authentication (MFA) is completed.
The security flaw, tracked as CVE-2025-12485, stems from improper privilege management during pre-MFA cookie handling.
When a user logs in to Devolutions Server, the application issues a temporary authentication cookie after the password step but before MFA verification completes.
Because of the flaw, that pre-MFA cookie is honoured as the user's identity: an attacker who obtains and replays another user's cookie can get past the initial authentication layer and act within that user's account.
The CVSS 4.0 base score of 9.4 (Critical) reflects how little the attack requires: network access to the server, low privileges (an existing account), and no user interaction.
The vulnerability impacts the confidentiality, integrity, and availability of user accounts and stored credentials.
| Field | Value |
| --- | --- |
| CVE ID | CVE-2025-12485 |
| Vulnerability Type | Improper Privilege Management |
| CVSS Score | 9.4 (Critical, CVSS 4.0) |
| Affected Product | Devolutions Server |
An authenticated user with lower-level permissions can capture or replay a pre-MFA cookie belonging to another user and assume that user's identity within the system without knowing the target account's credentials.
Depending on the compromised account's permissions, the resulting unauthorized session can expose sensitive information, change configurations, or perform administrative actions.
Note that this does not bypass MFA outright: the target account's multi-factor step still has to be satisfied separately, so the cookie alone does not complete the login flow.
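The advisory does not describe Devolutions' implementation, so the following is an added, generic illustration of the vulnerability class rather than the product's code. It contrasts a pre-MFA cookie that carries the user's identity and is trusted wherever it is presented (so a replayed cookie impersonates its owner) with a hardened design in which the pre-MFA cookie is an opaque, HMAC-signed, short-lived, single-use reference to server-side challenge state that never resolves to an identity; only a session token minted after a successful MFA check does. The user list, the fixed MFA codes standing in for TOTP or push verification, and the cookie layout are all constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Demo-only signing key, generated per process. A real deployment keeps this in
# a secret store and never hardcodes it.
SERVER_KEY = secrets.token_bytes(32)

PRE_MFA_TTL = 300      # seconds a pending MFA challenge stays valid
MAX_MFA_ATTEMPTS = 3   # wrong codes allowed before the challenge is burned


# --- Weak pattern -------------------------------------------------------------
# The pre-MFA cookie names the user and the server trusts it as an identity.
# Anyone who captures another user's cookie and replays it is treated as that
# user: the class of flaw the advisory describes.

def weak_pre_mfa_cookie(username):
    return "pre_mfa_user=" + username


def weak_resolve_identity(cookie):
    # Identity comes from the cookie alone; no server-side MFA state is consulted.
    if cookie.startswith("pre_mfa_user="):
        return cookie.split("=", 1)[1]
    return None


# --- Hardened pattern ---------------------------------------------------------
# The pre-MFA cookie is an opaque challenge id plus an HMAC over it. It maps to
# server-side state, expires, allows a bounded number of attempts, is consumed
# on success, and never resolves to an identity.

class HardenedAuth:
    def __init__(self):
        self._passwords = {"alice": "alice-pw", "bob": "bob-pw"}   # constructed users
        self._mfa_codes = {"alice": "482193", "bob": "117730"}     # stand-in for TOTP/push
        self._challenges = {}   # challenge id -> dict(user, expires, attempts, used)
        self._sessions = {}     # session token -> username

    def _sign(self, challenge_id):
        return hmac.new(SERVER_KEY, challenge_id.encode(), hashlib.sha256).hexdigest()

    def password_step(self, username, password, now=None):
        # Returns the pre-MFA cookie on a correct password, else None.
        if self._passwords.get(username) != password:
            return None
        now = time.time() if now is None else now
        cid = secrets.token_urlsafe(32)
        self._challenges[cid] = {"user": username, "expires": now + PRE_MFA_TTL,
                                 "attempts": 0, "used": False}
        return cid + "." + self._sign(cid)

    def _load_challenge(self, cookie, now):
        # Verify the HMAC first, then the server-side state; any failure -> None.
        cid, _, sig = cookie.partition(".")
        if not sig or not hmac.compare_digest(sig, self._sign(cid)):
            return None
        ch = self._challenges.get(cid)
        if ch is None or ch["used"] or now > ch["expires"]:
            return None
        return ch

    def resolve_identity(self, pre_mfa_cookie):
        # Deliberately no identity before MFA, whoever presents the cookie.
        return None

    def complete_mfa(self, pre_mfa_cookie, code, now=None):
        # Returns a fresh session token on success, None otherwise.
        now = time.time() if now is None else now
        ch = self._load_challenge(pre_mfa_cookie, now)
        if ch is None:
            return None
        ch["attempts"] += 1
        ok = hmac.compare_digest(code, self._mfa_codes[ch["user"]])
        if ok or ch["attempts"] >= MAX_MFA_ATTEMPTS:
            ch["used"] = True   # single use: success or exhaustion burns the challenge
        if not ok:
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = ch["user"]
        return token

    def resolve_session(self, token):
        return self._sessions.get(token)


if __name__ == "__main__":
    # A low-privileged user who obtains alice's pre-MFA cookie gets nothing from it.
    auth = HardenedAuth()
    stolen = auth.password_step("alice", "alice-pw")
    print("identity from replayed pre-MFA cookie:", auth.resolve_identity(stolen))
    print("session with guessed code:", auth.complete_mfa(stolen, "000000"))
```

The two properties that matter are that the pre-MFA cookie is never an identity and that it is consumed once used, so a captured copy is worthless after its owner completes MFA and cannot be brute-forced through.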
Devolutions Server is widely used for credential and access management across organizations. A successful attack could lead to unauthorized access to privileged accounts, lateral movement within networks, and exposure of sensitive credentials stored in the vault.
Organizations running Devolutions Server should treat this as a high-priority security issue requiring immediate remediation.
Devolutions has released security updates addressing this vulnerability. Organizations must upgrade to a fixed release on either supported branch: Devolutions Server 2025.3.6.0 or later, or Devolutions Server 2025.2.17.0 or later.
System administrators should prioritize patching all instances of Devolutions Server in their environments immediately.
Organizations should also review access logs for account-impersonation attempts or unusual authentication patterns, such as a user's session originating from a client that did not perform that user's login or MFA step, that might indicate exploitation before the patch was applied.
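As an added example of the kind of log review suggested above (not a Devolutions tool, and not its real log schema), the script below groups login-flow events by the pre-MFA challenge id the server issued and flags flows whose shape is consistent with a replayed pre-MFA cookie. The key=value line format, the challenge ids, the IP addresses and the user names are all constructed for the example; the three rules assume the server records the password step, the MFA result and the session start against one correlating id.

```python
from collections import defaultdict

# Constructed sample log lines in a hypothetical key=value format (not
# Devolutions Server's real schema). c1 is a clean login; c2 shows a session
# started from a different client than the password step with no MFA success
# recorded; c3 shows one challenge ending in a session for a different user.
SAMPLE_LOG = """
2025-11-10T09:14:02Z event=password_ok user=alice src=10.0.0.5 challenge=c1
2025-11-10T09:14:30Z event=mfa_ok user=alice src=10.0.0.5 challenge=c1
2025-11-10T09:14:31Z event=session_start user=alice src=10.0.0.5 challenge=c1
2025-11-10T09:20:00Z event=password_ok user=carol src=10.0.0.9 challenge=c2
2025-11-10T09:20:41Z event=session_start user=carol src=172.16.4.20 challenge=c2
2025-11-10T09:25:12Z event=password_ok user=dave src=10.0.0.12 challenge=c3
2025-11-10T09:25:40Z event=mfa_ok user=dave src=10.0.0.12 challenge=c3
2025-11-10T09:26:03Z event=session_start user=erin src=10.0.0.12 challenge=c3
""".strip().splitlines()


def parse_event(line):
    # "<timestamp> key=value key=value ..." -> dict (constructed format)
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields


def find_suspicious(lines):
    """Return {challenge_id: [reasons]} for every login flow that looks wrong.

    Rules:
      1. the same challenge was presented from more than one source address
      2. the same challenge is tied to more than one user name
      3. a session was started without any recorded MFA success for the challenge
    """
    flows = defaultdict(list)
    for line in lines:
        if line.strip():
            ev = parse_event(line)
            flows[ev["challenge"]].append(ev)

    findings = {}
    for cid, events in flows.items():
        reasons = []
        srcs = sorted({e["src"] for e in events})
        users = sorted({e["user"] for e in events})
        kinds = [e["event"] for e in events]
        if len(srcs) > 1:
            reasons.append("challenge presented from multiple sources: " + ", ".join(srcs))
        if len(users) > 1:
            reasons.append("challenge tied to more than one user: " + ", ".join(users))
        if "session_start" in kinds and "mfa_ok" not in kinds:
            reasons.append("session established without a recorded MFA success")
        if reasons:
            findings[cid] = reasons
    return findings


if __name__ == "__main__":
    for cid, reasons in find_suspicious(SAMPLE_LOG).items():
        print(cid)
        for reason in reasons:
            print("  -", reason)
```

In the scenario the advisory describes, the attacker's session rides on the victim's pre-MFA challenge, so a source-address mismatch between the password step and the session start is the most telling signal; the missing-MFA rule catches sessions that never recorded an MFA completion at all. If the real logs carry no correlating challenge id, the fallback pivot is user name plus a short time window around each session start.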