CVE-2025-13758

Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8...

CVE-2025-13765

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...

CVE-2025-13758

CVE-2025-13758 is tied to Devolutions Server and describes exposure of credentials in unintended requests. The connected Nessus entry (DEVO-2025-0018) confirms this issue alongside related CVEs and states affected versions include Devolutions Server up to 2025.2.20 and up to 2025.3.8, respectivel...

CVE-2025-13758

Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8...

CVE-2025-13758

Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8...

CVE-2025-13757

CVE-2025-13757 affects Devolutions Server. The issue is an SQL injection in the last usage logs, exploitable across affected builds through 2025.2.20 and 2025.3.8. CVSS v3.1 base score 8.8 (NETWORK, LOW complexity, LOW privileges, no user interaction). Impact is high on confidentiality, integrity...

CVE-2025-13757

SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8...

CVE-2025-13757

SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8...

CVE-2025-13765

CVE-2025-13765 affects Devolutions Server, where email service credentials are exposed to non-administrative users. Public details in connected documents specify affected versions as before 2025.2.21 and before 2025.3.9. The issue’s root cause is credential exposure in the email service, with mul...

CVE-2025-13765

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...

CVE-2025-13765

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...

PT-2025-48270

Name of the Vulnerable Software and Affected Versions Devolutions Server versions through 2025.2.20 and through 2025.3.8 Description Devolutions Server is affected by a SQL Injection issue within the last usage logs functionality. The flaw allows authenticated attackers to potentially steal all...

PT-2025-48271

Name of the Vulnerable Software and Affected Versions Devolutions Server versions through 2025.2.20 Devolutions Server versions through 2025.3.8 Description The software exhibits a flaw where credentials may be exposed in unintended requests. Recommendations Update Devolutions Server to a version...

Devolutions Server 安全漏洞

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an unspecified vulnerability that originates from exposing credentials...

Devolutions Server 安全漏洞

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...

Devolutions Server 安全漏洞

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unspecified vulnerability exists in Devolutions Server that stems from a non-administrativ...

PT-2025-48272

Name of the Vulnerable Software and Affected Versions Devolutions Server versions prior to 2025.2.21 Devolutions Server versions prior to 2025.3.9 Description The email service credentials were exposed to users lacking administrative privileges in Devolutions Server. Recommendations Update...

Devolutions Server <= 2025.2.15.0 Improper Input Validation (DEVO-2025-0015) (CVE-2025-11958)

The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.15.0 and is, therefore, affected by an improper authorization vulnerability: - An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows a...

Devolutions Server <= 2025.2.12.0 Improper authorization (DEVO-2025-0015) (CVE-2025-11957)

The version of Devolutions Server installed on the remote host is prior or equal to 2025.2.12.0 and is, therefore, affected by an improper authorization vulnerability: - Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated...

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions :...