CVE-2025-8353
MEDIUMDescription
UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Is your site exposed to CVE-2025-8353?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| devolutions | devolutions_server |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-8353? +
How severe is CVE-2025-8353? +
What products are affected by CVE-2025-8353? +
How do I check if I'm vulnerable to CVE-2025-8353? +
Related Vulnerabilities
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows …
Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to …
Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has …
Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows an attacker with valid user credentials to …
Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by …
Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept …