CVE-2025-6741
HIGHDevolutions Server <=2025.1.11.0, 2025.2.2.0-2025.2.4.0 - Unauthorized Entry Access via Secure Message Attachment
Title source: llmDescription
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.4.0 * Devolutions Server 2025.1.11.0 and earlier
References (1)
Core 1
Core References
Vendor Advisory
https://devolutions.net/security/advisories/DEVO-2025-0012/
Scores
CVSS v3
7.7
EPSS
0.0035
EPSS Percentile
26.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
devolutions/devolutions_server
< 2025.1.11.0
Published
Jul 22, 2025
Tracked Since
Feb 18, 2026