Primary

Context

Devolutions Remote Desktop Manager Autotyping Feature Insufficient Logging Vulnerability

Vulnerability

Patched

A vulnerability exists in the autotyping feature of Devolutions Remote Desktop Manager for Windows, specifically in versions 2025.1.24 through 2025.1.25 and all versions up to 2024.3.29. This vulnerability allows an authenticated user to utilize a stored password without creating a log entry, by exploiting the autotyping functionality.

Impact

Exploitation of this vulnerability allows for the use of stored passwords without generating log events, potentially leading to unauthorized access or actions being performed without proper accountability.

Remediation

Users can upgrade to Devolutions Remote Desktop Manager version 2024.3.31 or 2025.1.26 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.0

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.0

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions Remote Desktop Manager Autotyping Feature Insufficient Logging Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Devolutions Remote Desktop Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating