CVE-2025-1193

8.1 HIGH

📋 TL;DR

CVE-2025-1193 is a certificate validation vulnerability in Devolutions Remote Desktop Manager that allows man-in-the-middle attacks. Attackers can intercept and modify encrypted communications by presenting certificates for different hosts. This affects Windows users running Remote Desktop Manager version 2024.3.19 and earlier.

💻 Affected Systems

Products:
  • Devolutions Remote Desktop Manager
Versions: 2024.3.19 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only the Windows version of Remote Desktop Manager is affected. Other Devolutions products are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of sensitive remote desktop credentials and session data, leading to lateral movement and data exfiltration.

🟠 Likely Case

Interception of administrative credentials and session data for targeted systems accessed through the manager.

🟢 If Mitigated

Limited impact if network segmentation prevents MITM positioning and certificate pinning is enforced.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network positioning for MITM attack and ability to present fraudulent certificates.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3.20 or later

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2025-0001/

Restart Required: No

Instructions:

1. Open Remote Desktop Manager.
2. Go to Help > Check for Updates.
3. Install version 2024.3.20 or later.
4. Verify update completed successfully.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Remote Desktop Manager traffic to trusted networks to reduce MITM opportunities.

Certificate Pinning

all

Implement certificate pinning for critical connections if supported by your environment.

🧯 If You Can't Patch

  • Restrict Remote Desktop Manager to internal networks only with strict firewall rules.
  • Monitor for unusual certificate validation failures in network logs.

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Remote Desktop Manager. If the version is 2024.3.19 or earlier, you are vulnerable.

Check Version:

Not applicable - check via GUI in Help > About

Verify Fix Applied:

Confirm version is 2024.3.20 or later in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Certificate validation failures for expected hosts
  • Unexpected certificate authorities in TLS handshakes

Network Indicators:

  • TLS connections with mismatched hostnames in certificates
  • Unusual MITM proxy activity on network segments with Remote Desktop Manager

SIEM Query:

source="rdm_logs" AND (event="certificate_validation_failed" OR event="tls_handshake_error")
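
The "mismatched hostnames in certificates" network indicator above can be checked offline against exported TLS session metadata. The following is an added example, not code from Devolutions or from the advisory; the record layout (client, hostname dialled, DNS names from the certificate's subjectAltName) and all hostnames are constructed assumptions, and only DNS names are handled, not IP address entries.

```python
"""Added example: flag TLS sessions whose certificate does not cover the host dialled."""

# Constructed sample records (assumed layout): client address, hostname the
# client connected to, DNS names taken from the presented certificate's SAN.
SAMPLE_SESSIONS = [
    ("10.0.5.21", "jump01.corp.example", ["jump01.corp.example"]),
    ("10.0.5.21", "db02.corp.example", ["*.corp.example"]),
    ("10.0.5.34", "vault.corp.example", ["printer7.lab.example"]),
    ("10.0.5.34", "a.b.corp.example", ["*.corp.example"]),
    ("10.0.5.40", "JUMP01.corp.example.", ["jump01.CORP.example"]),
]


def _normalize(name):
    # DNS names compare case-insensitively; a trailing root dot is not significant.
    return name.rstrip(".").lower()


def name_matches(pattern, hostname):
    """RFC 6125 style match: exact, or '*' as the entire left-most label only."""
    p = _normalize(pattern).split(".")
    h = _normalize(hostname).split(".")
    if len(p) != len(h) or not all(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard ("*.example" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers_host(san_dns_names, hostname):
    """True when any SAN DNS name is valid for the hostname that was dialled."""
    return any(name_matches(n, hostname) for n in san_dns_names)


def find_mismatches(sessions):
    """Return the sessions where the certificate was issued for a different host."""
    return [(client, host, sans) for client, host, sans in sessions
            if not cert_covers_host(sans, host)]


if __name__ == "__main__":
    for client, host, sans in find_mismatches(SAMPLE_SESSIONS):
        print(f"MISMATCH client={client} host={host} cert_names={sans}")
```

A session flagged here that still completed on a 2024.3.19 or earlier client is worth investigating, since a correctly validating client would have rejected that certificate.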
