Portail 
Forum 
Devolutions Force 
Hub Business 
Hub Personal 
Devolutions Send 
Devolutions Academy 
RDM 
Workspace 
Launcher 
Sécurité et conformité
Nous respectons les normes les plus élevées pour protéger vos données et garantir la confiance.
DEVO-2025-0005
Remote Desktop Manager is affected by vulnerabilities
Produits affectés
Journal des modifications
2025/03/26 - Initial publication
5.3 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Client side access control bypass in the permission component of Remote Desktop Manager
Client side access control bypass in the permission component inDevolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions.
Produits affectés
CVE(s)
CVE-2025-2499
Mesures correctives et solutions de contournement
To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.
2.0 Low - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Improper authorization in application password policy
Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user touse a configuration different from the one mandated by the system administrators.
Produits affectés
CVE(s)
CVE-2025-2528
Mesures correctives et solutions de contournement
To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.
5.3 medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager
Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality.
Produits affectés
CVE(s)
CVE-2025-2562
Mesures correctives et solutions de contournement
To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.
2.0 Low - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Improper authorization in the variable component in Devolutions Remote Desktop Manager
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy".
Produits affectés
CVE(s)
CVE-2025-2600
Mesures correctives et solutions de contournement
To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.
