Devolutions Server Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Traffic Interception

Vulnerability

Devolutions Server versions through 2025.3.2 improperly validate TLS certificates when connecting to Devolutions Gateways. This flaw allows an attacker in a man-in-the-middle position to intercept or potentially tamper with traffic between the Devolutions Server and the Gateway. Although the initial connection lacks proper domain validation, the endpoints do validate the certificate when establishing a connection, which helps secure the sessions going through the gateway.
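The following added example is not Devolutions code and does not reproduce the product's implementation. It illustrates the general class of flaw, a TLS client that accepts a certificate without checking that it was issued for the peer's name, as a Python client context in its weak and corrected forms, with a check that flags the weak one and a simplified name match. The helper names and host names are hypothetical.

```python
import ssl


def gateway_context(validate_hostname: bool = True) -> ssl.SSLContext:
    """Client-side TLS context for a server-to-gateway link (hypothetical helper)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    if not validate_hostname:
        # Weak variant: the chain is still verified, but a trusted certificate
        # issued for any other name is accepted.
        ctx.check_hostname = False
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return findings for a client context that skips part of validation."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not verified")
    return findings


def name_matches(hostname: str, san_dns_names: list[str]) -> bool:
    """Simplified RFC 6125 check: exact match, or '*' as the whole left-most label."""
    host = hostname.lower().rstrip(".")
    for pattern in san_dns_names:
        pat = pattern.lower().rstrip(".")
        if pat == host:
            return True
        if pat.startswith("*."):
            suffix = pat[1:]                      # e.g. ".corp.example"
            label = host[: -len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:        # wildcard spans one label only
                return True
    return False


if __name__ == "__main__":
    # Constructed names; not taken from the advisory.
    gateway = "gateway.corp.example"
    print(audit_context(gateway_context(validate_hostname=False)))
    print(audit_context(gateway_context()))
    print(name_matches(gateway, ["gateway.corp.example"]))
    print(name_matches(gateway, ["other-host.example"]))
```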

Impact

Exploitation of this vulnerability could lead to interception or tampering of traffic between Devolutions Server and a Gateway, creating a man-in-the-middle scenario. However, sessions through the gateway remain secure, as certificate validation occurs at the endpoints when a connection is initiated.

Remediation

Users are advised to update Devolutions Server to version 2025.3.3 or 2025.2.15.

Added: Oct 15, 2025, 8:26 PM
Updated: Oct 15, 2025, 8:26 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 3.3
exploitability: 6.0
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.