CVE-2025-2499
MEDIUM
Devolutions Remote Desktop Manager <2025.1.25 - Auth Bypass
Title source: llm
Description
Client-side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions (specifically View Password, Edit Asset, and Edit Permissions) by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
References (1)
Core 1
Core References
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2025-0005/
Scores
CVSS v3
5.4
EPSS
0.0034
EPSS Percentile
25.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
devolutions/remote_desktop_manager
< 2024.3.31.0 (2 CPE variants)
Published
Mar 26, 2025
Tracked Since
Feb 18, 2026