Portal
Forum
Devolutions Force
Devolutions Hub Business
Devolutions Hub Personal
Devolutions Send
Devolutions Academy
RDM
Workspace
Launcher
Security & Compliance
DEVO-2025-0012
Zusammenfassung
Devolutions Server is affected by multiple vulnerabilities.
Betroffene Produkte
Devolutions Server 2025.2.4 and earlier
Änderungsprotokoll
22/7/2025 - Initial publication
Schweregrad
High
Produkt
Devolutions Server
Behobene Version
2025.2.5.0
Improper access control in secure message component in Devolutions Server
Beschreibung
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature.
Behebungen und Workarounds
Upgrade to Devolutions Server 2025.2.5.0 or higher
Schweregrad
7.1 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Betroffene Produkte
- Devolutions Server 2025.2.2.0 through 2025.2.4.0
- Devolutions Server 2025.1.11.0 and earlier
CVE(s)
CVE-2025-6741
Use of weak credentials in emergency authentication component in Devolutions Server
Beschreibung
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe.
Behebungen und Workarounds
Upgrade to Devolutions Server 2025.2.4.0 or higher
Schweregrad
9.5 Critical - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H
Betroffene Produkte
- Devolutions Server 2025.2.2.0 through 2025.2.3.0
- Devolutions Server 2025.1.11.0 and earlier
CVE(s)
CVE-2025-6523
