Improper Authorization in Devolutions Remote Desktop Manager on Windows
CVE-2025-2528

3.6LOW

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 26 March 2025

What is CVE-2025-2528?

A vulnerability in Devolutions Remote Desktop Manager for Windows allows an authenticated user to bypass the intended application password policy, using a configuration that may not align with the settings enforced by system administrators. This could lead to unauthorized access, posing security risks to sensitive remote connections and data management.

Affected Version(s)

Remote Desktop Manager Windows 2025.1.24 <= 2025.1.25

Remote Desktop Manager Windows 0 <= 2024.3.29

References

https://devolutions.net/security/advisories/DEVO-2025-0005/

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Mar 19, 2025