Primary

Context

Devolutions Server Improper Access Control Vulnerability in Secure Message Component

Vulnerability

Patched

A vulnerability exists in the secure message component of Devolutions Server, allowing authenticated users to access unauthorized entries through the message attachment feature. This issue affects Devolutions Server versions 2025.2.2.0 to 2025.2.4.0, as well as all versions prior to 2025.1.11.0.

Impact

Exploitation of this vulnerability could lead to unauthorized access to secure message entries, allowing users to view or steal sensitive information that should not be accessible to them.

Remediation

Users are advised to upgrade to Devolutions Server version 2025.2.5.0 or higher.

Added: Jul 22, 2025, 5:17 PM

Updated: Jul 22, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions Server Improper Access Control Vulnerability in Secure Message Component

Vulnerability

Impact

Remediation

Affected Products

Devolutions Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating