Devolutions Improper Certificate Validation in WinRM Connections Allowing Man-in-the-Middle Attacks

Vulnerability

Devolutions Server and Remote Desktop Manager do not properly validate certificates on WinRM connections. TLS certificate verification is disabled for these connections, so an attacker on the network can perform a man-in-the-middle attack. The vulnerability affects Devolutions Server versions through 2025.3.15.0 and Remote Desktop Manager versions through 2025.3.30.

Impact

Exploitation of this vulnerability could lead to a man-in-the-middle attack, allowing an attacker to intercept and potentially alter communications between parties.

Remediation

Users are advised to upgrade to Devolutions Server 2026.1 or Remote Desktop Manager 2026.1.
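
The following check is an added example, not code from Devolutions or from this advisory. It reports WinRM-over-HTTPS endpoints whose certificates a validating client would reject, which are the connections a client with verification disabled accepts silently. The port 5986 default and the names `context_weaknesses` and `probe` are assumptions made for the example.

```python
import hashlib
import socket
import ssl

WINRM_HTTPS_PORT = 5986  # assumption: default WinRM-over-HTTPS listener port

def context_weaknesses(ctx):
    """Return the reasons a client context would accept an unauthenticated peer."""
    issues = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("certificate chain is not verified")
    if not ctx.check_hostname:
        issues.append("hostname is not matched against the certificate")
    return issues

def _fingerprint(tls):
    return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def probe(host, port=WINRM_HTTPS_PORT, cafile=None, timeout=5.0):
    """Attempt a fully verified handshake; on rejection record why and the cert hash."""
    result = {"host": host, "port": port, "validates": False, "error": None, "sha256": None}
    strict = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict.wrap_socket(raw, server_hostname=host) as tls:
                result["validates"] = True
                result["sha256"] = _fingerprint(tls)
        return result
    except ssl.SSLCertVerificationError as exc:
        result["error"] = f"certificate rejected: {exc.verify_message}"
    except OSError as exc:  # refused, timed out, or not a TLS listener
        result["error"] = f"unreachable or not TLS: {exc}"
        return result
    # Triage only: read the rejected certificate's hash without trusting it; no data is sent.
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with lax.wrap_socket(raw, server_hostname=host) as tls:
                result["sha256"] = _fingerprint(tls)
    except OSError:
        pass
    return result
```

Pass `cafile` when the WinRM listeners use certificates issued by an internal CA; endpoints that still report `certificate rejected` need a certificate whose chain and subject name match before clients that enforce validation will connect.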

Added: Mar 20, 2026, 1:19 PM
Updated: Mar 20, 2026, 1:19 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 3.3
exploitability: 6.2
remediation: 8.3
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.