CVE-2025-11958
📋 TL;DR
An improper input validation vulnerability in Devolutions Server's Security Dashboard ignored-tasks API allows authenticated users to send crafted requests that cause denial of service to the Security Dashboard component. This affects Devolutions Server 2025.2.15.0 and earlier versions. Only authenticated users can exploit this vulnerability.
💻 Affected Systems
- Devolutions Server
📦 What is this software?
Devolutions Server by Devolutions
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker renders the Security Dashboard component completely unavailable, preventing its security monitoring and alerting functionality.
Likely Case
Authenticated user accidentally or intentionally disrupts Security Dashboard functionality, requiring service restart to restore normal operations.
If Mitigated
With proper authentication controls and monitoring, impact is limited to temporary dashboard unavailability for authorized users only.
🎯 Exploit Status
Requires authenticated access to the Devolutions Server API. The specific crafted request format is not publicly documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.2.16.0 or later
Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2025-0015/
Restart Required: No
Instructions:
1. Download the latest Devolutions Server version from the official website.
2. Run the installer to upgrade your existing installation.
3. Verify the upgrade completed successfully.
🔧 Temporary Workarounds
Restrict API Access
Limit access to the Security Dashboard API endpoints to only necessary administrative users.
Monitor API Requests
Implement logging and monitoring for unusual patterns in Security Dashboard API requests.
🧯 If You Can't Patch
- Implement strict access controls to limit which users can access the Security Dashboard API
- Monitor for unusual patterns of API requests to the ignored-tasks endpoint
🔍 How to Verify
Check if Vulnerable:
The server is vulnerable if its version is 2025.2.15.0 or earlier. Check the Devolutions Server version in the web interface under Settings > About, or check the version printed in the server startup logs.
Check Version:
Check the web interface at Settings > About or examine the server startup logs.
Verify Fix Applied:
Verify the version is 2025.2.16.0 or later, and confirm that the Security Dashboard remains available after exercising its API.
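A small helper for the version check above, added here as an example and not code from Devolutions. It compares the reported version against the fixed version 2025.2.16.0 component by component, which matters because a plain string comparison would wrongly rank "2025.2.9.0" above "2025.2.16.0". The four-component padding is an assumption about the version format, based on the versions quoted on this page.

```python
FIXED_VERSION = "2025.2.16.0"  # first version with the fix, per the vendor advisory


def parse_version(version: str) -> tuple:
    """Turn '2025.2.15.0' into (2025, 2, 15, 0), padding to four components.

    Padding keeps '2025.2.16' equal to '2025.2.16.0' instead of sorting below it.
    """
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) > 4:
        raise ValueError(f"unexpected version format: {version!r}")
    parts += [0] * (4 - len(parts))
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the reported version is older than the fixed version."""
    return parse_version(version) < parse_version(FIXED_VERSION)


if __name__ == "__main__":
    # Sample values (constructed) as they might be read from Settings > About.
    for v in ("2025.2.15.0", "2025.2.16.0", "2025.2.9.0", "2025.3.0.0"):
        print(v, "vulnerable" if is_vulnerable(v) else "fixed")
```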
📡 Detection & Monitoring
Log Indicators:
- Unusual patterns of requests to /api/security-dashboard/ignored-tasks endpoint
- Security Dashboard service crashes or becomes unresponsive
Network Indicators:
- Multiple POST requests to ignored-tasks API endpoint with unusual payloads
SIEM Query:
source="devolutions-server" AND (uri_path="/api/security-dashboard/ignored-tasks" OR message="Security Dashboard unavailable")
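The log and network indicators above can be turned into a simple detection: flag a user who hits the ignored-tasks endpoint repeatedly within a short window, and flag server errors on that endpoint, which are the visible sign of the dashboard component failing. The example below is added here and is not Devolutions code; the log line format (timestamp, user, method, path, status) and the sample lines are constructed, so the parser would need adjusting to the server's real access-log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

ENDPOINT = "/api/security-dashboard/ignored-tasks"

# Assumed line format: "<ISO timestamp> <user> <method> <path> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|DELETE) (\S+) (\d{3})$")

# Constructed sample log, not real Devolutions Server output: alice sends a
# burst of POSTs and the endpoint starts returning 500s; bob's use is normal.
SAMPLE_LOG = """\
2025-10-20T10:00:00 alice POST /api/security-dashboard/ignored-tasks 200
2025-10-20T10:00:01 alice POST /api/security-dashboard/ignored-tasks 200
2025-10-20T10:00:02 alice POST /api/security-dashboard/ignored-tasks 200
2025-10-20T10:00:03 alice POST /api/security-dashboard/ignored-tasks 200
2025-10-20T10:00:04 alice POST /api/security-dashboard/ignored-tasks 500
2025-10-20T10:00:05 alice POST /api/security-dashboard/ignored-tasks 500
2025-10-20T10:00:30 bob GET /api/security-dashboard/ignored-tasks 200
2025-10-20T10:05:00 bob POST /api/security-dashboard/ignored-tasks 200
"""


def parse_lines(text: str) -> list:
    """Parse access-log lines into event dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, method, path, status = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "method": method, "path": path, "status": int(status)})
    return events


def detect(events: list, window_seconds: int = 60, threshold: int = 5) -> list:
    """Return (kind, user, timestamp) alerts for the ignored-tasks endpoint.

    'burst': one user reached `threshold` requests within `window_seconds`
             (reported once per user).
    'server_error': the endpoint answered 5xx, i.e. the dashboard is failing.
    """
    alerts = []
    recent = defaultdict(deque)  # user -> timestamps of hits inside the window
    burst_reported = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["path"] != ENDPOINT:
            continue
        if ev["status"] >= 500:
            alerts.append(("server_error", ev["user"], ev["ts"].isoformat()))
        q = recent[ev["user"]]
        q.append(ev["ts"])
        # Drop hits that fell out of the sliding window.
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["user"] not in burst_reported:
            alerts.append(("burst", ev["user"], ev["ts"].isoformat()))
            burst_reported.add(ev["user"])
    return alerts


def run_sample() -> list:
    """Run the detector over the constructed sample log."""
    return detect(parse_lines(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(*alert)
```

The threshold and window are starting points to tune against normal dashboard usage on your own server; the 5xx check is independent of volume, so a single crafted request that brings the component down is still surfaced.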