Categories: Cyber Security News

Devolutions Server Vulnerability Lets Attackers Impersonate Users Using Pre-MFA Cookie

Devolutions Server has been found to contain a critical security flaw that allows attackers to impersonate user accounts by replaying pre-MFA cookies.

The vulnerability, identified as CVE-2025-12485, poses a serious risk to organizations managing privileged access through the platform.

The flaw exists in how Devolutions Server handles authentication cookies before multi-factor authentication (MFA) is applied.

An authenticated attacker with only low privileges can obtain and replay a legitimate user's pre-MFA cookie, and the server then treats the attacker's session as belonging to that user.

The flaw does not bypass the second factor itself; what it gives an attacker is the ability to reach the MFA prompt already identified as another user. That is still serious: the password step has been defeated for the victim's account, and whatever protection remains rests entirely on a second factor actually being enforced for that account.

CVE ID          Severity  CVSS  Description
CVE-2025-12485  Critical  9.4   Improper privilege management in pre-MFA cookie handling lets an authenticated user impersonate another account by replaying that account's pre-MFA cookie
CVE-2025-12808  High      7.1   Improper access control lets view-only users read sensitive third-level nested fields, including passwords and custom values

The Impact

This improper privilege management issue represents a fundamental flaw in the authentication system’s validation of user identity during the pre-MFA phase.

For organizations relying on Devolutions Server for credential and access management, this vulnerability could enable attackers to move laterally within systems or escalate privileges.

A second vulnerability, CVE-2025-12808, has also been disclosed with a High CVSS score of 7.1.

This flaw allows users with view-only permissions to read passwords and sensitive custom values stored in deeply nested entry fields that their role should not expose.

This undermines the role-based access control system, exposing critical credentials to lower-privileged users.
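Devolutions has not published the internal cause of CVE-2025-12808, so the Python below is an added illustration of the bug class the description points at, not the project's code: a read path that filters sensitive keys only at the top level of an entry, beside one that walks the whole tree, plus a small audit helper that reports where secrets remain in a response. The entry layout, key names and role names are constructed for the example.

```python
"""Nested-field authorization: top-level-only redaction beside a full tree walk.

Added illustration for the view-only access flaw class; not Devolutions' data
model or code, and no claim about the actual defect behind CVE-2025-12808.
"""
from copy import deepcopy

# Keys whose values a view-only principal must never receive, at any depth (assumed).
SENSITIVE_KEYS = frozenset({"password", "privateKey", "customValues"})

# Constructed sample entry with secrets at the first, third and list-nested levels.
SAMPLE_ENTRY = {
    "name": "prod-db-01",
    "password": "top-level-secret",
    "connection": {
        "host": "db01.internal",
        "credentials": {
            "username": "svc_app",
            "password": "third-level-secret",
            "customValues": {"api_token": "tok_123"},
        },
    },
    "attachments": [{"label": "notes", "password": "attached-secret"}],
}


def redact_shallow(entry: dict) -> dict:
    """Weak pattern: only the entry's own keys are filtered.

    Anything nested inside "connection" or inside a list element passes
    through untouched, which is the shape of bug that exposes third-level fields.
    """
    return {k: deepcopy(v) for k, v in entry.items() if k not in SENSITIVE_KEYS}


def redact_deep(value):
    """Hardened pattern: drop sensitive keys at every depth, through dicts and lists."""
    if isinstance(value, dict):
        return {k: redact_deep(v) for k, v in value.items() if k not in SENSITIVE_KEYS}
    if isinstance(value, list):
        return [redact_deep(v) for v in value]
    return value


def view_entry(entry: dict, role: str) -> dict:
    """Server-side read path: the decision is made before data leaves the data layer."""
    if role in {"owner", "editor"}:
        return deepcopy(entry)
    return redact_deep(entry)


def leaked_secrets(value, path: str = "") -> list[str]:
    """Audit helper: paths of any sensitive keys still present in a response."""
    found: list[str] = []
    if isinstance(value, dict):
        for k, v in value.items():
            child = f"{path}.{k}" if path else k
            if k in SENSITIVE_KEYS:
                found.append(child)
            else:
                found.extend(leaked_secrets(v, child))
    elif isinstance(value, list):
        for i, v in enumerate(value):
            found.extend(leaked_secrets(v, f"{path}[{i}]"))
    return found


if __name__ == "__main__":
    print("shallow redaction leaks:", leaked_secrets(redact_shallow(SAMPLE_ENTRY)))
    print("view-only response leaks:", leaked_secrets(view_entry(SAMPLE_ENTRY, "view-only")))
```

The audit helper is the part worth keeping around: run it against the JSON a low-privileged account actually receives from the server, rather than against what the UI chooses to render, since a client-side hide is exactly the kind of control this flaw class walks around.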

Devolutions has released security updates addressing both vulnerabilities.

Organizations running Devolutions Server should upgrade immediately to version 2025.3.6.0 or later; those still on the 2025.2 branch should move to 2025.2.17.0 or later.

The company published its security advisory on November 6, 2025, providing details on the vulnerabilities and remediation guidance.

Organizations managing privileged accounts through Devolutions Server should prioritize applying these patches immediately to prevent unauthorized access and account impersonation attacks.

The simultaneous disclosure of an authentication flaw and an authorization flaw in the same product is a reminder to audit both the session-handling path and the permission checks on stored data, not only the login screen.
