Security & Compliance

DEVO-2025-0005

Zusammenfassung

Remote Desktop Manager is affected by vulnerabilities

Betroffene Produkte

Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

Änderungsprotokoll

2025/03/26 - Initial publication

Schweregrad

Medium

Produkt

Remote Desktop Manager

Behobene Version

Multiple versions

Client side access control bypass in the permission component of Remote Desktop Manager

Beschreibung

Client side access control bypass in the permission component inDevolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions.

Behebungen und Workarounds

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Schweregrad

5.3 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Betroffene Produkte

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2499

Improper authorization in application password policy

Beschreibung

Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user touse a configuration different from the one mandated by the system administrators.

Behebungen und Workarounds

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Schweregrad

2.0 Low - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Betroffene Produkte

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2528

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager

Beschreibung

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality.

Behebungen und Workarounds

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Schweregrad

5.3 medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Betroffene Produkte

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2562

Improper authorization in the variable component in Devolutions Remote Desktop Manager

Beschreibung

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy".

Behebungen und Workarounds

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Schweregrad

2.0 Low - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Betroffene Produkte

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2600

Wir helfen Unternehmen dabei, das IT-Chaos zu meistern, indem wir Lösungen für Passwortverwaltung, Remoteverbindungen und privilegierte Zugriffsverwaltung bereitstellen.

DEVOLUTIONS

Sicherheit & Datenschutz | infos@devolutions.net

Alle Rechte vorbehalten © 2025 Devolutions