Improper Host Validation in Devolutions Remote Desktop Manager
CVE-2025-1193

8.1HIGH

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 10 February 2025

Summary

An improper host validation issue exists in the certificate validation component of Devolutions Remote Desktop Manager, affecting versions up to 2024.3.19 on Windows. This vulnerability could allow an attacker to conduct a man-in-the-middle attack by presenting a fraudulent certificate for a different host, which could lead to unauthorized interception and modification of encrypted communications.

Affected Version(s)

Remote Desktop Manager Windows 0 <= 2024.3.19

References

https://devolutions.net/security/advisories/DEVO-2025-0001/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Feb 10, 2025