UI Discrepancy for Security Feature

CVE-2025-8353

Medium

5.9/10

Summary

UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-446 - UI Discrepancy for Security Feature

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.

References

Advisory Timeline

Published Jul 30, 2025

UI Discrepancy for Security Feature

CVE-2025-8353

Summary

CWE-446 - UI Discrepancy for Security Feature

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS