Improper Host Validation in Devolutions Remote Desktop Manager
CVE-2025-1193

8.1HIGH

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 10 February 2025

🔔 Create Devolutions Vulnerability Alert

What is CVE-2025-1193?

An improper host validation issue exists in the certificate validation component of Devolutions Remote Desktop Manager, affecting versions up to 2024.3.19 on Windows. This vulnerability could allow an attacker to conduct a man-in-the-middle attack by presenting a fraudulent certificate for a different host, which could lead to unauthorized interception and modification of encrypted communications.

Affected Version(s)

Remote Desktop Manager Windows 0 <= 2024.3.19

References

https://devolutions.net/security/advisories/DEVO-2025-0001/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Feb 10, 2025