Improper Certificate Validation in Devolutions Server by Devolutions
CVE-2025-11619

8.8 HIGH

Key Information:

Vendor
CVE Published: 15 October 2025

What is CVE-2025-11619?

Devolutions Server versions 2025.3.2 and earlier do not properly validate certificates when connecting to gateways. An attacker in a Man-in-the-Middle (MitM) position can use this flaw to intercept sensitive traffic, potentially exposing confidential information transmitted between clients and servers. Users of affected versions should review their security practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Devolutions Server 2025.3.2

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
