Sécurité et conformité
Nous respectons les normes les plus élevées pour protéger vos données et garantir la confiance.
DEVO-2025-0014
Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic.
Produits affectés
Journal des modifications
14/10/2025 - Initial publication
7.7 High - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Lack of TLS domain validation when connecting to gateways
The TLS certificate validation when connecting to a Devolutions Gateway failed to validate that the subject of the certificate matched the domain name of the host. This could allow attackers in a MitM position to intercept or tamper traffic between Devolutions Server and a Gateway.
The security of the sessions going through the gateway is not impacted, as the certificate is also validated on the endpoints when initiating a connection.
Produits affectés
CVE(s)
CVE-2025-11619
Mesures correctives et solutions de contournement
Update to Devolutions Server 2025.3.3 or higher, 2025.2.15 or higher