circle-info
🥳PowerShell Universal Joins Devolutions
Learn more arrow-up-right
search
DownloadsIssuesDiscordForums
githubEdit

CVEs

CVEs for PowerShell Universal.

Please report vulnerabilities to Ironman Software. To learn about our vulnerability response policy, click herearrow-up-right.

hashtag
CVE-2025-54552 - 7/25/2025 - Information disclosure

hashtag
Description

The PowerShell Universal Live App documentation lists all variables to authenticated users. The connection string variable is included in this list. Depending on database configuration, this can include plaintext credentials.

Affected Versions: v4.5.4 and earlier, v5.6.0 and earlier

CVSS v4.0 Score: 8.7 / High: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C/CR:X/IR:X/AR:X/MAV:N/MAC:L/MPR:L/MUI:R/MS:C/MC:H/MI:H/MA:Harrow-up-right

hashtag
Workaround

In addition to upgrading to a patched version, you can also edit the installation media to remove the variable.

Edit the file Docs\variables.ps1.

New-UDPage -Name 'Variables' -Icon (New-UDIcon -Icon 'SquareRootVariable') -Content {
    $Variables = Get-Variable | Where-Object Name -ne PSUConnectionString | ForEach-Object {
        [PSCustomObject]@{
            Name        = $_.Name
            Value       = if ($_.Value -eq $null) { "$null" } else { $_.Value.ToString() }
            Description = $_.Description
        }
    }
    New-UDTable -Title 'Variables' -Data $Variables -Columns @(
        New-UDTableColumn -Property Name -Title 'Name'
        New-UDTableColumn -Property Value -Title 'Value'
        New-UDTableColumn -Property Description -Title 'Description'
    ) -ShowPagination -Dense -PageSize 10
}

hashtag
CVE-TBD - 2/18/2025 - Incorrect Access Controls

hashtag
Description

Due to an authorization issue with the PowerShell Universal v5.3.x's gRPC service registration, a remote attacker can access the server using the Universal PowerShell module without authentication.

hashtag
CVSS v4.0 Score: 9.8 High

hashtag
CVE-2025-26792 - 1/29/2025 - Information disclosure

hashtag
Description

Version 4.5.x and 5.x.x are vulnerable to an information disclosure through directory traversal when using PowerShell Universal published folders. Systems that do not have this feature configured, are not affected. If authenticated published folders are configured, the attacker will need to be authenticated.

hashtag
CVSS v4.0 Score: 5.4 / Medium

This exploit allows an attacker to expose information of the affected system, depending on system configuration.

hashtag
CVE-2024-50616 - 10/17/2024 - Privilege escalation and information disclosure

hashtag
Description

Version 5.0.0 through 5.0.11 are vulnerable to an exploit that allows an authenticated attacker to elevate their privileges and view job information.

hashtag
CVSS v4.0 Score: 7.4 / High

This exploit allows an authenticated attacker to take control of the platform via a vulnerability in the admin console.

hashtag

hashtag

PreviousRoadmap

Last updated

Was this helpful?