CVE-2025-1635
📋 TL;DR
This vulnerability in Devolutions Remote Desktop Manager allows authenticated users to export hub data sources containing their authenticated session information due to faulty business logic. This exposes sensitive session data that could be used for unauthorized access. Affected users are those running vulnerable versions on Windows who have hub data source export permissions.
💻 Affected Systems
- Devolutions Remote Desktop Manager
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious insider exports hub data containing active session tokens, then uses those tokens to gain unauthorized access to sensitive systems and credentials managed by Remote Desktop Manager.
Likely Case
Accidental exposure of session information through legitimate export operations, potentially allowing session hijacking if exported files are mishandled or accessed by unauthorized parties.
If Mitigated
Limited impact with proper access controls and monitoring, as exploitation requires authenticated user access and the vulnerability doesn't bypass authentication mechanisms.
🎯 Exploit Status
Exploitation requires authenticated user access and hub data source export permissions. The vulnerability is in business logic rather than a technical flaw.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.3.30 or later
Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2025-0004/
Restart Required: Yes
Instructions:
1. Download and install Remote Desktop Manager version 2024.3.30 or later from official Devolutions sources.
2. Close all Remote Desktop Manager instances.
3. Run the installer.
4. Restart the application after installation completes.
🔧 Temporary Workarounds
Restrict Hub Data Source Export Permissions
Windows: Limit which users can export hub data sources to only trusted administrators who require this functionality.
Monitor Export Activities
All platforms: Implement logging and monitoring for hub data source export operations to detect suspicious activity.
🧯 If You Can't Patch
- Implement strict access controls to limit hub data source export capabilities to essential personnel only
- Establish procedures for secure handling of exported data and implement data loss prevention controls
🔍 How to Verify
Check if Vulnerable:
Check Remote Desktop Manager version in Help > About. If version is 2024.3.29 or earlier, the system is vulnerable.
Check Version:
In Remote Desktop Manager, navigate to Help > About to view version information
Verify Fix Applied:
After patching, verify version shows 2024.3.30 or later in Help > About. Test hub data source export to confirm session information is no longer included.
📡 Detection & Monitoring
Log Indicators:
- Unusual frequency of hub data source exports
- Exports performed by non-administrative users
- Large export file sizes indicating potential data exfiltration
Network Indicators:
- Unusual data transfers from Remote Desktop Manager instances
- Exported files being transferred to unauthorized locations
SIEM Query:
source="RemoteDesktopManager" AND (event="Export" OR event="DataExport") AND user NOT IN (admin_users)
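
The three log indicators and the SIEM query above can be combined into one triage pass over export events. The following is an added example, not code from the advisory or from Devolutions: the event field names (`ts`, `event`, `user`, `bytes`), the admin allow-list and both thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions (not from the advisory): event field names, the admin allow-list,
# and both thresholds. Tune them to your own log schema and baseline.
ADMIN_USERS = {"rdm-admin"}
EXPORT_EVENTS = {"Export", "DataExport"}   # event names used in the SIEM query
MAX_EXPORTS_PER_WINDOW = 3
WINDOW = timedelta(hours=1)
MAX_EXPORT_BYTES = 5 * 1024 * 1024

# Constructed sample events; real Remote Desktop Manager logs will differ.
SAMPLE_EVENTS = [
    {"ts": "2025-03-01T09:00:00", "event": "Export", "user": "rdm-admin", "bytes": 20_000},
    {"ts": "2025-03-01T09:05:00", "event": "Login", "user": "jdoe", "bytes": 0},
    {"ts": "2025-03-01T10:00:00", "event": "DataExport", "user": "jdoe", "bytes": 30_000},
    {"ts": "2025-03-01T11:00:00", "event": "Export", "user": "rdm-admin", "bytes": 9_000_000},
    {"ts": "2025-03-01T11:10:00", "event": "Export", "user": "rdm-admin", "bytes": 20_000},
    {"ts": "2025-03-01T11:20:00", "event": "Export", "user": "rdm-admin", "bytes": 20_000},
    {"ts": "2025-03-01T11:30:00", "event": "Export", "user": "rdm-admin", "bytes": 20_000},
]

def triage_exports(events, admins=ADMIN_USERS):
    """Return (timestamp, user, reason) alerts for the three log indicators."""
    alerts = []
    recent = defaultdict(list)  # user -> export times inside the sliding window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] not in EXPORT_EVENTS:
            continue
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if user not in admins:
            alerts.append((ev["ts"], user, "non-admin export"))
        if ev["bytes"] > MAX_EXPORT_BYTES:
            alerts.append((ev["ts"], user, "large export"))
        # Keep only this user's exports that are still inside the window.
        recent[user] = [t for t in recent[user] if ts - t < WINDOW] + [ts]
        if len(recent[user]) > MAX_EXPORTS_PER_WINDOW:
            alerts.append((ev["ts"], user, "export burst"))
    return alerts

if __name__ == "__main__":
    for alert in triage_exports(SAMPLE_EVENTS):
        print(*alert, sep="  ")
```

An allow-listed administrator still raises the size and burst alerts, which covers the insider case that the `user NOT IN (admin_users)` filter alone would miss.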