Security and compliance
DEVO-2025-0012
Summary
Devolutions Server is affected by multiple vulnerabilities.
Affected products
Devolutions Server 2025.2.4 and earlier
Changelog
22/7/2025 - Initial publication
Severity
High
Product
Devolutions Server
Fixed version
2025.2.5.0
Improper access control in secure message component in Devolutions Server
Description
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature.
Remediation and workarounds
Upgrade to Devolutions Server 2025.2.5.0 or higher
Severity
7.1 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
- Devolutions Server 2025.2.2.0 through 2025.2.4.0
- Devolutions Server 2025.1.11.0 and earlier
CVE(s)
CVE-2025-6741
Use of weak credentials in emergency authentication component in Devolutions Server
Description
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe.
Remediation and workarounds
Upgrade to Devolutions Server 2025.2.4.0 or higher
Severity
9.5 Critical - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H
Affected products
- Devolutions Server 2025.2.2.0 through 2025.2.3.0
- Devolutions Server 2025.1.11.0 and earlier
CVE(s)
CVE-2025-6523