Version 2025.3.10.0 (November 27, 2025)

If you are using a client (RDM, PowerShell, etc.), version 2025.3 is required for this DVLS version

IMPROVEMENTS

• Core - Added requirement for Entra ID secret expiration date during configuration to prevent unexpected login failures
• Core - Improved Entra ID authentication by displaying warning banners and sending email alerts to administrators when secrets approach expiration
• PAM - Added ability to create folders directly during PAM account import process
• PAM - Improved PAM administrator access to automatically grant access to all PAM vaults without manual assignment
• PAM - Reduced notification frequency for PAM health checks by sending alerts only once when accounts become out of sync

FIXES

• SECURITY CVE-2025-13757 Core - Fixed SQL injection vulnerability in the last usage logs API endpoint
• SECURITY CVE-2025-13758 Core - Fixed security issue where sensitive credentials were exposed in API responses for certain connection types (SMB, HyperV, WebDav, and others)
• SECURITY CVE-2025-13765 Core - Fixed security issue where SMTP configuration with passwords could be viewed through the API without administrator permissions
• Core - Fixed database permission errors for scheduler service on notification group subscriber tables
• Core - Fixed database permission errors for scheduler service when inserting telemetry events
• Core - Fixed duplicate key violations that occurred during server startup when users had both administrator and vault owner roles
• Core - Fixed erroneous mismatch log messages during SSO authentication from RDM
• Core - Fixed issue where configured additional access URIs were no longer accessible
• Core - Fixed login failures and server crashes when new users attempted to authenticate
• Web - Fixed issue where PAM account approval requests in the messages UI would freeze the interface and require page refresh

** CONSOLE RELEASE NOTES **

FIXES

• Minor update