Sécurité et conformité

DEVO-2025-0005

Résumé

Remote Desktop Manager is affected by vulnerabilities

Produits affectés

Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

Journal des modifications

2025/03/26 - Initial publication

Sévérité

Medium

Produit

Remote Desktop Manager

Version corrigée

Multiple versions

Client side access control bypass in the permission component of Remote Desktop Manager

Description

Client side access control bypass in the permission component inDevolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions.

Mesures correctives et solutions de contournement

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Sévérité

5.3 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Produits affectés

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2499

Improper authorization in application password policy

Description

Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user touse a configuration different from the one mandated by the system administrators.

Mesures correctives et solutions de contournement

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Sévérité

2.0 Low - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Produits affectés

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2528

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager

Description

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality.

Mesures correctives et solutions de contournement

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Sévérité

5.3 medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Produits affectés

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2562

Improper authorization in the variable component in Devolutions Remote Desktop Manager

Description

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy".

Mesures correctives et solutions de contournement

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Sévérité

2.0 Low - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Produits affectés

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2600

Devolutions aide les organisations à contrôler le chaos relié aux TI en offrant des solutions sécurisées de gestion d’accès privilégiés, de connexions à distance et de mots de passe.

DEVOLUTIONS

Légal & vie privée | infos@devolutions.net

Tous droits réservés © 2025 Devolutions