Primary

Context

Devolutions Server SQL Injection Vulnerability in Remote Sessions

Vulnerability

Patched

A SQL injection vulnerability has been identified in the remote sessions feature of Devolutions Server. This issue affects versions 2025.3.1 through 2025.3.12. The vulnerability allows users with session monitoring permissions to extract or modify data.

Impact

Exploitation of this vulnerability could lead to unauthorized data access or modification.

Remediation

Users are advised to upgrade to Devolutions Server version 2025.3.14 or later.

Added: Jan 19, 2026, 3:22 PM

Updated: Jan 19, 2026, 3:22 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

3.1

exploitability

5.2

remediation

7.7

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

3.1

exploitability

5.2

remediation

7.7

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions Server SQL Injection Vulnerability in Remote Sessions

Vulnerability

Impact

Remediation

Affected Products

Devolutions Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating