CVE-2025-13683
📋 TL;DR
This vulnerability in Devolutions Server and Remote Desktop Manager exposes credentials through unintended requests, potentially allowing attackers to access sensitive authentication data. It affects organizations using these products on Windows systems. The exposure occurs when credentials are inadvertently included in requests where they shouldn't be present.
💻 Affected Systems
- Devolutions Server
- Remote Desktop Manager
📦 What is this software?
Devolutions Server by Devolutions
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative credentials leading to complete compromise of Devolutions Server, unauthorized access to all managed remote connections, and potential lateral movement across the network.
Likely Case
Unauthorized users access credentials for specific remote systems, leading to compromised individual servers or workstations managed through the platform.
If Mitigated
Credential exposure is limited to non-critical systems or temporary credentials with minimal privileges, preventing significant damage.
🎯 Exploit Status
Exploitation requires understanding of the credential request mechanism and ability to intercept or generate specific requests. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Devolutions Server: 2025.3.8.1 or later; Remote Desktop Manager: 2025.3.23.1 or later
Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2025-0017/
Restart Required: Yes
Instructions:
1. Download the latest version from the Devolutions website.
2. Back up the current configuration.
3. Run the installer for the patched version.
4. Restart the service/application.
5. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to Devolutions Server and Remote Desktop Manager instances to only trusted users and systems
Credential Rotation
Rotate all credentials stored in the affected products to limit the exposure window
🧯 If You Can't Patch
- Implement strict network access controls to limit who can communicate with Devolutions Server
- Enable detailed logging and monitoring for unusual credential access patterns
🔍 How to Verify
Check if Vulnerable:
Check the version in the Devolutions Server admin panel or the Remote Desktop Manager About dialog. If the version is earlier than the patched version (2025.3.8.1 for Devolutions Server, 2025.3.23.1 for Remote Desktop Manager), the system is vulnerable.
Check Version:
In Devolutions Server: Check Admin Panel → System Information. In Remote Desktop Manager: Help → About.
Verify Fix Applied:
Verify that the version is 2025.3.8.1 or later for Devolutions Server, or 2025.3.23.1 or later for Remote Desktop Manager. Then test credential requests to confirm that credentials are no longer included in requests where they should not be present.
📡 Detection & Monitoring
Log Indicators:
- Unusual credential request patterns
- Multiple failed credential access attempts from single source
- Credential requests from unexpected IP addresses
Network Indicators:
- Unusual volume of requests to credential endpoints
- Requests to credential APIs from unauthorized sources
SIEM Query:
source="devolutions.log" AND (credential_request OR auth_request) AND status=200 | stats count by src_ip
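The SIEM query above, reproduced as offline detection logic in Python for environments without a SIEM. This is an added example, not part of the advisory or Devolutions' own tooling; the log records, the key=value format and the trusted network range are constructed assumptions, and the threshold is an assumed tuning value.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample records (NOT real Devolutions log output). The fields
# mirror the SIEM query on this page: event type, HTTP status, source IP.
SAMPLE_LOG = """\
2025-11-20T10:01:02Z event=credential_request status=200 src_ip=10.0.5.12 user=alice
2025-11-20T10:01:09Z event=auth_request status=200 src_ip=10.0.5.12 user=alice
2025-11-20T10:02:44Z event=credential_request status=401 src_ip=203.0.113.7 user=alice
2025-11-20T10:02:51Z event=credential_request status=200 src_ip=203.0.113.7 user=alice
2025-11-20T10:03:03Z event=credential_request status=200 src_ip=203.0.113.7 user=bob
2025-11-20T10:03:10Z event=credential_request status=200 src_ip=203.0.113.7 user=carol
2025-11-20T10:05:00Z event=session_open status=200 src_ip=10.0.5.30 user=dave
"""

# Assumption: the networks from which credential requests are expected.
TRUSTED_NETS = [ip_network("10.0.0.0/8")]

LINE_RE = re.compile(r"event=(\S+) status=(\d+) src_ip=(\S+)")


def parse_records(text):
    """Yield (event, status, src_ip) from key=value log lines; skip malformed ones."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3)


def successful_credential_requests_by_ip(text):
    """Equivalent of the page's query: successful credential/auth requests per src_ip."""
    counts = Counter()
    for event, status, src_ip in parse_records(text):
        if event in ("credential_request", "auth_request") and status == 200:
            counts[src_ip] += 1
    return dict(counts)


def suspicious_sources(text, threshold=3):
    """Flag sources outside TRUSTED_NETS or at/above the request threshold (assumed)."""
    flagged = {}
    for ip, n in successful_credential_requests_by_ip(text).items():
        untrusted = not any(ip_address(ip) in net for net in TRUSTED_NETS)
        if untrusted or n >= threshold:
            flagged[ip] = {"count": n, "untrusted": untrusted}
    return flagged
```

Feed it your own exported log lines in the same key=value shape, or adapt `LINE_RE` to the actual field names your collector emits.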