Description

Improper privilege management during pre-MFA cookie handling in Devolutions Server 2025.3.5.0 and earlier allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step.

INFO

Published Date :

2025-11-06T16:37:14.546Z

Last Modified :

2025-11-06T19:37:36.243Z

Source :

DEVOLUTIONS
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12485 vulnerability.

Vendors Products
Devolutions
  • Devolutions Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12485.

URL Resource
https://devolutions.net/security/advisories/DEVO-2025-0016 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System