Unauthorized Access to Personal Information in Devolutions Remote Desktop Manager
CVE-2025-5334

7.5HIGH

Key Information:

Vendor: Devolutions
Status: Remote Desktop Manager
Vendor: CVE Published:; 29 May 2025

🔔 Create Devolutions Vulnerability Alert

What is CVE-2025-5334?

A vulnerability in Devolutions Remote Desktop Manager permits an authenticated user to access private personal information in user vaults. Under certain conditions, user entries may inadvertently be transferred from private user vaults to shared vaults when edited by their original owners, resulting in potential exposure of sensitive information to unauthorized users.

Affected Version(s)

Remote Desktop Manager Windows 0 <= 2025.1.34.0

References

https://devolutions.net/security/advisories/DEVO-2025-0009

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2025
Vulnerability Reserved
May 29, 2025