Security & Compliance

DEVO-2025-0009

Summary

Remote Desktop Manager is affected by a vulnerability

Affected Products

Remote Desktop Manager 2025.1.34.0 and earlier

Change Log

29/05/2025 - Initial publication

Severity

High

Products

Remote Desktop Manager Windows

Fix Version

2025.1.37.0

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager

Description

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Managerallows an authenticated user to gain unauthorized access to private personal information.

Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.

Remediation and Workarounds

Upgrade to Remote Desktop Manager Windows 2025.1.37.0 or higher

Severity

7.3 High - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Affected Products

This issue affects the following versions :

  • Remote Desktop Manager Windows 2025.1.34.0 and earlier
CVE(s)

CVE-2025-5334

Helping organizations control the IT chaos by providing highly-secure password, remote connection and privileged access management solutions.

DEVOLUTIONS

Legal & privacy | infos@devolutions.net

All rights reserved © 2025 Devolutions