CVE-2025-2499
CVE-2025-2499 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. It is a client-side access control bypass in the permission component of Devolutions Remote Desktop Manager on Windows: an authenticated user can perform specific actions to bypass certain permission restrictions, specifically View Password, Edit Asset, and Edit Permissions. EPSS estimates a 0.34% probability of exploitation in the next 30 days.
Description
Client-side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions, specifically View Password, Edit Asset, and Edit Permissions, by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

As a class, a client-side access control bypass means the restriction is enforced by the client application rather than by the data source it talks to, so a user who reaches the underlying data outside the intended UI path is not held to it. Note that the NVD configuration data in the Affected Software table below gives slightly wider ranges (below 2024.3.31.0, and 2025.1.24.0 up to but excluding 2025.1.26.0); when deciding whether a deployment needs patching, treat the vendor advisory DEVO-2025-0005 as authoritative.
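To make the vulnerability class concrete, here is an added illustrative example (not Devolutions code, and not a model of RDM's real protocol, storage or permission implementation). It uses a deliberately simplified vault with the three permission names from the advisory: a "vulnerable" server authenticates the caller and then relies on the client UI to mask the password and block edits, while the hardened variant enforces each permission where the data lives. All class names, the sample entry and the user names are assumptions made up for the example.

```python
"""Client-side vs. server-side permission enforcement (added illustrative example).

NOT Devolutions code; does not reflect RDM's design. Simplified vault with the three
permission names from the advisory (View Password, Edit Asset, Edit Permissions).
All names, classes and data below are assumptions constructed for this example.
"""
from dataclasses import dataclass, field

VIEW_PASSWORD, EDIT_ASSET, EDIT_PERMISSIONS = "view_password", "edit_asset", "edit_permissions"


@dataclass
class Entry:
    name: str
    host: str
    password: str
    acl: dict = field(default_factory=dict)  # user -> set of granted permissions


def sample_vault():
    """Constructed sample data: 'alice' is on the ACL but holds no permissions."""
    admin = {VIEW_PASSWORD, EDIT_ASSET, EDIT_PERMISSIONS}
    return {"prod-db": Entry("prod-db", "db01.example.internal", "s3cret",
                             acl={"alice": set(), "admin": admin})}


class VulnerableServer:
    """Anti-pattern: checks only that the caller is on the ACL, returns the full
    record, and trusts the client UI to hide or disable what is not permitted."""
    def __init__(self, vault):
        self.vault = vault

    def get_entry(self, user, name):
        entry = self.vault[name]
        if user not in entry.acl:
            raise PermissionError("not on ACL")
        return {"name": entry.name, "host": entry.host, "password": entry.password}

    def update_entry(self, user, name, **changes):
        entry = self.vault[name]
        if user not in entry.acl:
            raise PermissionError("not on ACL")
        for attr, value in changes.items():      # no per-field permission check
            setattr(entry, attr, value)


class VulnerableClient:
    """The UI masks the password, but the secret was already sent to the client."""
    def __init__(self, server, user):
        self.server, self.user = server, user

    def show(self, name):
        record = self.server.get_entry(self.user, name)
        if VIEW_PASSWORD not in self.server.vault[name].acl[self.user]:
            record["password"] = "********"       # cosmetic only
        return record


class HardenedServer(VulnerableServer):
    """Fix: enforce every permission server-side; the client becomes a convenience."""
    def _perms(self, user, name):
        perms = self.vault[name].acl.get(user)
        if perms is None:
            raise PermissionError("not on ACL")
        return perms

    def get_entry(self, user, name):
        perms = self._perms(user, name)
        entry = self.vault[name]
        record = {"name": entry.name, "host": entry.host}
        if VIEW_PASSWORD in perms:               # secret serialised only when permitted
            record["password"] = entry.password
        return record

    def update_entry(self, user, name, **changes):
        perms = self._perms(user, name)
        if "acl" in changes and EDIT_PERMISSIONS not in perms:
            raise PermissionError("Edit Permissions required")
        if any(attr != "acl" for attr in changes) and EDIT_ASSET not in perms:
            raise PermissionError("Edit Asset required")
        super().update_entry(user, name, **changes)  # checks passed; reuse plain writer


def password_leaks(server_cls):
    """Simulate a low-privileged user who calls the server API directly, skipping the UI."""
    server = server_cls(sample_vault())
    ui_view = VulnerableClient(server, "alice").show("prod-db")
    direct = server.get_entry("alice", "prod-db")   # bypass: no client-side masking here
    try:
        server.update_entry("alice", "prod-db", host="attacker.example")
        edited = True
    except PermissionError:
        edited = False
    return {"ui_shows": ui_view["password"], "direct": direct.get("password"), "edit_allowed": edited}


if __name__ == "__main__":
    print("vulnerable:", password_leaks(VulnerableServer))
    print("hardened:  ", password_leaks(HardenedServer))
```

Against the vulnerable server the UI still shows `********`, yet the direct call returns the cleartext password and the host edit succeeds; against the hardened server the password is never serialised for that user and the edit is refused. The general lesson is the one the advisory's class implies: a permission that only the UI enforces is a display preference, not a control.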
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Decoded: network attack vector, low attack complexity, low privileges required (an authenticated user), no user interaction, scope unchanged, low confidentiality and integrity impact, no availability impact. These metrics yield a base score of 5.4 (Medium).
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Devolutions | Remote Desktop Manager | < 2024.3.31.0 |
| Devolutions | Remote Desktop Manager | >= 2025.1.24.0, < 2025.1.26.0 |
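A common mistake when checking a fleet against ranges like these is comparing version strings lexically, where "2024.3.9" sorts after "2024.3.29". The following added helper (not an NVD or Devolutions tool) parses the dotted versions into integer tuples and evaluates the two ranges from the table above literally, so releases between 2024.3.31.0 and 2025.1.24.0 are not flagged; the inventory at the bottom is constructed sample data, and the fixed-version cutoff should still be confirmed against the vendor advisory.

```python
"""Affected-version check for CVE-2025-2499 (added helper; not an NVD/Devolutions tool).

Ranges are taken from the Affected Software table on this page (NVD configuration):
lower bound inclusive or None, upper bound exclusive. The inventory in __main__ is
constructed sample data.
"""

AFFECTED_RANGES = [
    (None, "2024.3.31.0"),
    ("2025.1.24.0", "2025.1.26.0"),
]


def parse_version(text, width=4):
    """'2025.1.25' -> (2025, 1, 25, 0); pads so 3- and 4-part strings compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= width:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (width - len(parts)))


def is_affected(version, ranges=AFFECTED_RANGES):
    v = parse_version(version)
    for low, high in ranges:
        if (low is None or parse_version(low) <= v) and v < parse_version(high):
            return True
    return False


def triage(inventory):
    """Map host -> affected flag for an {host: installed_version} inventory."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    sample = {  # constructed sample data
        "ws-01": "2024.3.29",
        "ws-02": "2024.3.9",
        "ws-03": "2024.3.31.0",
        "ws-04": "2025.1.25",
        "ws-05": "2025.1.26.0",
    }
    for host, flag in triage(sample).items():
        print(f"{host}: {sample[host]:<12} {'AFFECTED' if flag else 'ok'}")
```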
References
- https://devolutions.net/security/advisories/DEVO-2025-0005/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-2499?
CVE-2025-2499 is a client-side access control bypass in the permission component of Devolutions Remote Desktop Manager on Windows. An authenticated user can perform specific actions to get around the View Password, Edit Asset, and Edit Permissions restrictions.
How severe is CVE-2025-2499?
Medium: CVSS v3.1 base score 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Exploitation requires an authenticated, low-privileged user and no user interaction, and the impact is low on confidentiality and integrity with no availability impact. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
How do I fix CVE-2025-2499?
Upgrade to a release outside the affected ranges listed above; the Affected Software table flags versions below 2024.3.31.0 and versions from 2025.1.24.0 up to but excluding 2025.1.26.0. Because the description and the configuration data differ slightly on the 2024.3 cutoff, confirm the exact fixed builds against the vendor advisory DEVO-2025-0005.
Source: NVD / NIST
