Portal Portal Forum Forum Devolutions Force Devolutions Force Hub Business Hub Business Hub Personal Hub Personal Devolutions Send Devolutions Send Devolutions Academy Devolutions Academy Download RDM RDM Workspace Workspace Launcher Launcher
Solutions
Boost productivity, decrease costs, and increase security with a centralized platform where you can manage a wide range of remote connections and tools.
Improve your security strategy without reducing productivity by using a password management solution.
Diminish the risk of insider threats and cyberattacks while providing audit and compliance requirements for your team.
Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access.
Unified solutions: seamless integrations with Devolutions
Products
The best remote connection manager in the industry
Cloud-hosted password manager built for IT professionals
Self-hosted credential manager built for IT professionals
Privileged access manager built for IT professionals
Secure remote access management — no VPN required
We believe in making powerful tools accessible to everyone
Companion Tools
Mobile, desktop application & browser extension
Remote connection launching tool
Cmdlets that interact with Devolutions products
Secrets sharing made quick, secure, and simple
System service to control privileged operations
Resources
Your FREE go-to hub for mastering Devolutions' suite of products and services.
The Devolutions Forum is the place to go to connect with your peers and the Devolutions team.
Get answers to product specifications, settings and more on our documentation.
Stay up to date with our weekly articles on our blog, the toolbox for your IT success.
Use cases Success stories Reports & white papers Glossary (IT and security)
Contact Send message
Send message
 Call me
Call me
 Technical support Sales Contact information
About Us Devolutions Timeline Lifestyle
Careers Welcome Available positions Spontaneous application
Newsroom Press releases Newsletters In the news
Media Devolutions logos Wallpapers
Security & Compliance Security Advisories Trust Center Legal & privacy Report a security issue

Security & Compliance

Security & Compliance Reporting a Security Issue Advisories

DEVO-2025-0005

Summary

Remote Desktop Manager is affected by vulnerabilities

Affected Products

Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

Change Log

2025/03/26 - Initial publication

Severity

Medium

Product

Remote Desktop Manager

Fix Version

Multiple versions

Client side access control bypass in the permission component of Remote Desktop Manager

Description

Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions.

Remediation and Workarounds

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Severity

5.3 Medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2499

Improper authorization in application password policy

Description

Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators.

Remediation and Workarounds

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Severity

2.0 Low - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2528

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager

Description

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality.

Remediation and Workarounds

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Severity

5.3 medium - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2562

Improper authorization in the variable component in Devolutions Remote Desktop Manager

Description

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy".

Remediation and Workarounds

To remediate this issue, users should upgrade to Remote Desktop Manager version 2024.3.31, or 2025.1.26 or later.

Severity

2.0 Low - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVE(s)

CVE-2025-2600