CVE-2025-1193

HIGH

Devolutions Remote Desktop Manager - Improper Certificate Validation


Description

Improper host validation in the certificate validation component of Devolutions Remote Desktop Manager 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host.

Scores

CVSS v3: 8.1
EPSS: 0.0025
EPSS Percentile: 47.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-295
Status: published
Products (1): devolutions/remote_desktop_manager < 2024.3.20.0 (2 CPE variants)
Published: Feb 10, 2025
Tracked Since: Feb 18, 2026