CVE-2025-1231

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 11, 2025

CWE ID 287

Summary

CVE-2025-1231 is a vulnerability affecting Devolutions Server 2024.3.10.0 and earlier. An authenticated user can exploit an improper password reset in a PAM Module, allowing them to reuse an Oracle user's password after check-in. This issue arises due to a crash in the password reset functionality. This vulnerability poses a security risk, as it enables unauthorized access to Oracle user accounts. It is recommended that affected organizations install the latest security patch as soon as possible to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Devolutions Server
Server

Affected Vendors

Devolutions

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3QjYXk
https://www.cve.org/CVERecord?id=CVE-2025-1231
https://nvd.nist.gov/vuln/detail/CVE-2025-1231

Back to Vulnerability Database