CVE-2025-4493 – Devolutions Server Privilege Escalation Vulnerability

May 28, 2025

CVE ID : CVE-2025-4493

Published : May 28, 2025, 1:15 p.m. | 22 minutes ago

Description : Improper privilege assignment in PAM JIT privilege sets in Devolutions
Server allows a PAM user to perform PAM JIT
requests on unauthorized groups by exploiting a user interface issue.

This issue affects the following versions :

* Devolutions Server 2025.1.3.0 through 2025.1.7.0
* Devolutions Server 2024.3.15.0 and earlier

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleSkyEmu is a Game Boy Advance, Game Boy, Game Boy Color, and DS emulator

Next Article CVE-2025-5298 – Campcodes Online Hospital Management System SQL Injection Vulnerability

Highlights

CVE-2025-53540 – Arduino-ESP32 CSRF Vulnerability Allows Remote Code Execution (RCE)

July 7, 2025

CVE ID : CVE-2025-53540

Published : July 7, 2025, 8:15 p.m. | 2 hours, 29 minutes ago

Description : arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Twilio’s Event Triggered Journeys, OutSystem’s Agent Workbench, and more – Daily News Digest

Harness Infrastructure as Code Management expands with features that facilitate better reusability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

I tested Dyson’s pricey flagship headphones and they’re better than I expected

60% of managers use AI to make decisions now, including whom to promote and fire – does yours?

4 ways Google Wallet can make your life easier (and more organized)

How to maximize your Windows 11 PC’s battery life in 9 easy steps

The details of TC39’s last meeting

The details of TC39’s last meeting

How Agentic AI is Reshaping Marketing and CX Operations

We’re Moving! NodeSource Distributions Now Have a New Home – With Extended Support

Blender 4.5 LTS Released with ‘Full Vulkan Support’

Blender 4.5 LTS Released with ‘Full Vulkan Support’

nsupdate.info – software used to implement a free dynamic DNS service

Windows 11’s handheld gaming UI references spotted ahead of Xbox Ally

CVE-2025-4493 – Devolutions Server Privilege Escalation Vulnerability

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CVE-2025-2987 – IBM Maximo Asset Management SSRF

AI Implementation in Business: 10 Steps to Get It Right

CVE-2025-6148 – TOTOLINK A3002RU HTTP POST Request Handler Buffer Overflow

CVE-2025-45009 – PHPGurukul Park Ticketing Management System HTML Injection

CVE-2025-53540 – Arduino-ESP32 CSRF Vulnerability Allows Remote Code Execution (RCE)

MangoJuice is a GUI tool to configure MangoHud

CVE-2025-48188 – GNU PSPP libpspp-core.a Heap-Based Buffer Over-Read

Ubuntu 25.10 Adds New Rust Library to Default Installs

CVE-2025-4493 – Devolutions Server Privilege Escalation Vulnerability

Related Posts