Avis de sécurité

Sécurité et conformité

Nous respectons les normes les plus élevées pour protéger vos données et garantir la confiance.

Avis Signaler un problème de sécurité Centre de confiance

Retour à la liste

DEVO-2025-0012

Devolutions Server is affected by multiple vulnerabilities.

Produits affectés

Devolutions Server

2025.2.4 and earlier

Journal des modifications

22/7/2025 - Initial publication

7.1 High - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Improper access control in secure message component in Devolutions Server

Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature.

Produits affectés

CVE(s)

CVE-2025-6741

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2025.2.5.0 or higher

9.5 Critical - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H

Use of weak credentials in emergency authentication component in Devolutions Server

Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe.

Produits affectés

CVE(s)

CVE-2025-6523

Mesures correctives et solutions de contournement

Upgrade to Devolutions Server 2025.2.4.0 or higher