Insufficient Logging in Remote Desktop Manager by Devolutions
CVE-2025-2562

5.4MEDIUM

Key Information:

Vendor

Devolutions

Status
Remote Desktop Manager
Vendor
CVE Published:
26 March 2025

What is CVE-2025-2562?

The autotyping feature in Devolutions Remote Desktop Manager for Windows is affected by an insufficient logging vulnerability. This allows an authenticated user to utilize a stored password without generating an associated log event. This lack of logging could potentially enable unauthorized access to sensitive information, impacting the integrity of security practices within the application. Various versions of the product, specifically Remote Desktop Manager versions from 2025.1.24 to 2025.1.25, as well as earlier versions up to 2024.3.29, are susceptible to this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Remote Desktop Manager Windows 2025.1.24 <= 2025.1.25

Remote Desktop Manager Windows 0 <= 2024.3.29

References

https://devolutions.net/security/advisories/DEVO-2025-0005/

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.