CVE-2025-13757 – An SQL injection vulnerability in the last usag... (How to Fix)

Q: What is the severity of CVE-2025-13757?

CVE-2025-13757 has a CVSS score of 8.8 (HIGH). An SQL injection vulnerability in the last usage logs feature of Devolutions Server allows attackers to execute arbitrary SQL commands. This affects all Devolutions Server installations up to specific versions, potentially compromising database integrity and confidentiality. Organizations using vulnerable versions are at risk.

📋 TL;DR

An SQL injection vulnerability in the last usage logs feature of Devolutions Server allows attackers to execute arbitrary SQL commands. This affects all Devolutions Server installations up to specific versions, potentially compromising database integrity and confidentiality. Organizations using vulnerable versions are at risk.

💻 Affected Systems

Products:

Devolutions Server

Versions: through 2025.2.20, through 2025.3.8

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments with vulnerable versions are affected regardless of configuration.

📦 What is this software?

Devolutions Server by Devolutions

View all CVEs affecting Devolutions Server →

Devolutions Server by Devolutions

View all CVEs affecting Devolutions Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full database compromise leading to data theft, data manipulation, privilege escalation, and potential remote code execution through database functions.

🟠

Likely Case

Unauthorized data access, extraction of sensitive information like credentials and configuration data, and potential lateral movement within the database.

🟢

If Mitigated

Limited impact with proper input validation and database permissions, potentially only allowing data viewing without modification.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, but authentication requirements may limit attack surface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.2.21 or 2025.3.9

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2025-0018/

Restart Required: Yes

Instructions:

1. Download latest version from Devolutions website. 2. Backup current installation. 3. Run installer to upgrade. 4. Restart Devolutions Server service.

🔧 Temporary Workarounds

Disable Last Usage Logs

all

Temporarily disable the vulnerable feature until patching

Network Segmentation

all

Restrict access to Devolutions Server to authorized users only

🧯 If You Can't Patch

Implement strict input validation and parameterized queries at application layer
Apply database-level security controls including minimal privileges and query whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Devolutions Server version in web interface or configuration files

Check Version:

Check web interface or examine installation directory version files

Verify Fix Applied:

Verify version is 2025.2.21 or higher, or 2025.3.9 or higher

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple failed login attempts followed by SQL syntax in requests

Network Indicators:

SQL keywords in HTTP POST parameters to usage logs endpoints

SIEM Query:

source="devolutions_logs" AND ("SELECT" OR "UNION" OR "INSERT" OR "DELETE") AND "usage_logs"

📊 Metadata

CVE ID: CVE-2025-13757

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.04% exploit probability (12.9th percentile)

Published: November 27, 2025

Last Updated: December 3, 2025

🔗 References

https://devolutions.net/security/advisories/DEVO-2025-0018/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-13757, you might also want to check these: