CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2600
https://notcve.org/view.php?id=CVE-2025-2600
26 Mar 2025 — Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. • https://devolutions.net/security/advisories/DEVO-2025-0005 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2562
https://notcve.org/view.php?id=CVE-2025-2562
26 Mar 2025 — Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. • https://devolutions.net/security/advisories/DEVO-2025-0005 • CWE-778: Insufficient Logging •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2528
https://notcve.org/view.php?id=CVE-2025-2528
26 Mar 2025 — Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. • https://devolutions.net/security/advisories/DEVO-2025-0005 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2499
https://notcve.org/view.php?id=CVE-2025-2499
26 Mar 2025 — Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. • https://devolutions.net/security/advisories/DEVO-2025-0005 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1636
https://notcve.org/view.php?id=CVE-2025-1636
13 Mar 2025 — Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic. • https://devolutions.net/security/advisories/DEVO-2025-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1635
https://notcve.org/view.php?id=CVE-2025-1635
13 Mar 2025 — Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic. • https://devolutions.net/security/advisories/DEVO-2025-0004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11621
https://notcve.org/view.php?id=CVE-2024-11621
10 Feb 2025 — Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier Missing certificate vali... • https://devolutions.net/security/advisories/DEVO-2025-0001 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1193
https://notcve.org/view.php?id=CVE-2025-1193
10 Feb 2025 — Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host. • https://devolutions.net/security/advisories/DEVO-2025-0001 • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12149
https://notcve.org/view.php?id=CVE-2024-12149
04 Dec 2024 — Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. La asignación incorrecta de permisos en el componente de solicitudes de acceso temporal en Devolutions Remote Desktop Manager 2024.3.19.0 y versiones anteriores en Windows permite que un usuario autenticado que solicita permisos temporales en una ent... • https://devolutions.net/security/advisories/DEVO-2024-0017 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11670
https://notcve.org/view.php?id=CVE-2024-11670
25 Nov 2024 — Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. • https://devolutions.net/security/advisories/DEVO-2024-0015 • CWE-863: Incorrect Authorization •