CNNVD-202511-532 Information
Nov 06, 2025
cve
CNNVD ID
CNNVD-202511-532
Related CVE
- CNNVD Published: 2025-11-06
Description (Chinese)
Devolutions Server是加拿大Devolutions公司的一个应用系统。提供功能齐全的共享帐户和密码管理解决方案。 Devolutions Server 2025.3.5.0及之前版本存在安全漏洞,该漏洞源于MFA前 cookie 处理期间的权限管理不当,使得低权限的已认证用户可以通过重放 MFA 前 cookie 来冒充其他帐户。
Description (English)
The Defenses Server is an application of the Canadian Defenses Corporation. Provide a fully functional shared account and password management solution. There is a security loophole in the Defenses Server 2025.3.5.0 and earlier versions, which stems from the mismanage of authority during pre-MFA cookies processing, which allows low-authorized certified users to impersonate other accounts by re-aligning pre-MFA cookies.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Devolutions
Published
2025-11-06
Last Modified
2026-02-24
References
https://devolutions.net/security/advisories/DEVO-2025-0016
Patch
https://devolutions.net/server/
Share on: