Improper Access Control in Devolutions Server Affects Security Features
CVE-2025-3768

5 MEDIUM

Key Information:

CVE Published: 5 June 2025

What is CVE-2025-3768?

An improper access control vulnerability in Devolutions Server allows authenticated users to bypass the Tor network blocking feature when the Devolutions hosted endpoint is unreachable. This may lead to unauthorized access to sensitive information, because users could reach restricted features that are intended to safeguard the system's integrity. Weaknesses of this kind show why access control mechanisms must remain robust in all operational contexts.

Affected Version(s)

Server 0 <= 2025.1.10.0

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
