Insufficient Logging in Remote Desktop Manager by Devolutions
CVE-2025-2562

5.4MEDIUM

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 26 March 2025

What is CVE-2025-2562?

The autotyping feature in Devolutions Remote Desktop Manager for Windows is affected by an insufficient logging vulnerability. This allows an authenticated user to utilize a stored password without generating an associated log event. This lack of logging could potentially enable unauthorized access to sensitive information, impacting the integrity of security practices within the application. Various versions of the product, specifically Remote Desktop Manager versions from 2025.1.24 to 2025.1.25, as well as earlier versions up to 2024.3.29, are susceptible to this issue.

Affected Version(s)

Remote Desktop Manager Windows 2025.1.24 <= 2025.1.25

Remote Desktop Manager Windows 0 <= 2024.3.29

References

https://devolutions.net/security/advisories/DEVO-2025-0005/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Mar 20, 2025