CVE-2025-4433 – Devolutions Server Privilege Escalation Vulnerability

May 30, 2025

CVE ID : CVE-2025-4433

Published : May 30, 2025, 1:15 p.m. | 3 hours, 44 minutes ago

Description : Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both “User Management” and “User Group Management” permissions to perform privilege escalation by adding users to groups with administrative privileges.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48331 – Vanquish WooCommerce Orders & Customers Exporter Sensitive Data Exposure

Next Article May 2025 Patch Tuesday: Five Zero-Days and Five Critical Vulnerabilities Among 72 CVEs

Highlights

CVE-2025-3046 – “Obsidian Reader Symbolic Link File Read Vulnerability”

July 7, 2025

CVE ID : CVE-2025-3046

Published : July 7, 2025, 10:15 a.m. | 2 hours, 54 minutes ago

Description : A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft Graph CLI to be retired

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

I asked AI to modify mission-critical code, and what happened next haunts me

Why you should delete your browser extensions right now – or do this to stay safe

Dolby Vision 2 comes with big upgrades – here’s which TVs get them first

This one small feature makes this travel charger my favorite for business trips

Laracon AU 2025 Talk Titles Revealed

Laracon AU 2025 Talk Titles Revealed

Stop Writing Bad Controllers: Laravel Custom Collections Transform Your Code

Handle ownership relationships between Eloquent models with Laravel Ownable

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

How to Open Ports in Firewall on Windows Server

Google TV Remote Not Working? 5 Quick Fixes

CVE-2025-4433 – Devolutions Server Privilege Escalation Vulnerability

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

Intelligent document processing at scale with generative AI and Amazon Bedrock Data Automation

ChatGPT falls for another Windows license key scam — generating valid codes in a guessing game after a researcher “gives up”

CVE-2024-13845 – WordPress Gravity Forms WebHooks SSRF

Do AI Models Act Like Insider Threats? Anthropic’s Simulations Say Yes

CVE-2025-3046 – “Obsidian Reader Symbolic Link File Read Vulnerability”

CVE-2025-5487 – AutomatorWP SQL Injection Vulnerability

CVE-2025-47824 – Flock Safety LPR Cleartext Code Storage Vulnerability

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

CVE-2025-4433 – Devolutions Server Privilege Escalation Vulnerability

Related Posts