Improper Authorization in Devolutions Remote Desktop Manager for Windows
CVE-2025-2600

6.8 MEDIUM

Key Information:

Vendor
CVE Published: 26 March 2025

What is CVE-2025-2600?

An improper authorization vulnerability in Devolutions Remote Desktop Manager for Windows allows authenticated users to use the ELEVATED_PASSWORD variable even when the 'Allow password in variable' policy restricts it. This can lead to unauthorized access to sensitive password information, compromising the security of the application.

Affected Version(s)

Remote Desktop Manager Windows: 2025.1.24 through 2025.1.25

Remote Desktop Manager Windows: all versions through 2024.3.29

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
