Devolutions Security Vulnerabilities (CVEs)

Devolutions Server versions 2025.3.14 and earlier store sensitive user account information unencrypted in the database. This allows attackers with dat...

This vulnerability in Devolutions Server and Remote Desktop Manager exposes credentials through unintended requests, potentially allowing attackers to...

An SQL injection vulnerability in the last usage logs feature of Devolutions Server allows attackers to execute arbitrary SQL commands. This affects a...

Devolutions Server versions through 2025.2.20 and 2025.3.8 expose credentials in unintended requests, potentially leaking sensitive authentication dat...

CVE-2025-13765 allows non-administrative users in Devolutions Server to access email service credentials, potentially exposing sensitive authenticatio...

An improper access control vulnerability in Devolutions Server allows users with 'View-only' permissions to access sensitive nested password fields th...

An improper input validation vulnerability in Devolutions Server's Security Dashboard ignored-tasks API allows authenticated users to send crafted req...

CVE-2025-11619 is an improper certificate validation vulnerability in Devolutions Server that allows man-in-the-middle attackers to intercept encrypte...

A deadlock in the PAM automatic check-in feature of Devolutions Server allows passwords to remain valid beyond their intended check-out period. This a...

This vulnerability allows authenticated users in Devolutions Server to bypass client-side validation and edit permissions they shouldn't have access t...

This vulnerability allows non-administrative users with both 'User Management' and 'User Group Management' permissions in Devolutions Server to escala...

This vulnerability in Devolutions Remote Desktop Manager allows authenticated users to access private personal information when entries are unintentio...

This vulnerability allows a PAM (Privileged Access Management) user in Devolutions Server to perform JIT (Just-In-Time) privilege requests on groups t...

This vulnerability in Devolutions Remote Desktop Manager allows authenticated users to use stored passwords via the autotyping feature without generat...

This vulnerability in Devolutions Server exposes SSH passwords in the web-based authentication component due to missing password masking. An authentic...

This vulnerability allows authenticated users in Devolutions Server to access temporary access and checkout request information by guessing or knowing...

This vulnerability allows authenticated users in Devolutions Server to bypass browser extension restrictions, potentially enabling malicious browser e...

This vulnerability in Devolutions Remote Desktop Manager allows authenticated users to export hub data sources containing their authenticated session ...

CVE-2025-1193 is a certificate validation vulnerability in Devolutions Remote Desktop Manager that allows man-in-the-middle attacks. Attackers can int...

This vulnerability allows attackers to perform man-in-the-middle attacks by intercepting and modifying encrypted communications in Devolutions Remote ...

This vulnerability allows authenticated users in Devolutions Server to view password history entries without proper authorization. Attackers with vali...

This vulnerability allows authenticated users in Devolutions Remote Desktop Manager to request temporary permissions on entries and receive higher pri...

This vulnerability allows authenticated users in Devolutions Remote Desktop Manager to bypass multi-factor authentication (MFA) by switching data sour...

This vulnerability allows authenticated users in Devolutions DVLS to bypass intended access controls and view password history data they shouldn't hav...

This CVE describes an authorization bypass vulnerability in Devolutions Server's PAM access request approval mechanism. Authenticated users with appro...

This vulnerability allows authenticated users in Devolutions Remote Desktop Manager to bypass execute permissions through the PAM dashboard. Attackers...

This vulnerability allows an authenticated attacker to bypass two-factor authentication (2FA) in Devolutions Server by using another browser tab to au...

This vulnerability in Devolutions Remote Desktop Manager allows attackers who obtain exported configuration files to recover PowerShell credentials st...

This vulnerability allows authenticated users with PAM JIT elevation access in Devolutions Server to manipulate LDAP filter queries through crafted re...

This vulnerability allows attackers with access to Devolutions Server's PAM JIT elevation feature to escalate privileges to unauthorized groups via cr...

This vulnerability allows users in Devolutions Server to retain elevated privileges beyond their intended expiration time. Attackers could exploit thi...

This vulnerability allows attackers to inject malicious code into Remote Desktop Manager on macOS by manipulating the DYLIB_INSERT_LIBRARIES environme...

This vulnerability allows attackers with permission to manage PAM propagation scripts in Devolutions Server to retrieve stored passwords via a GET req...

This vulnerability allows attackers to cause denial of service by exploiting uncontrolled resource consumption in Devolutions Gateway's logging featur...

This SQL injection vulnerability in Devolutions Server allows authenticated attackers to execute arbitrary SQL commands through insufficient input san...

This path traversal vulnerability in Devolutions Remote Desktop Manager allows attackers to create or overwrite arbitrary files on the system by manip...

This vulnerability in Devolutions Remote Desktop Manager allows attackers to bypass permission checks via batch custom PowerShell scripts. Attackers c...

This SQL injection vulnerability in Devolutions Server allows administrative users to execute arbitrary SQL commands via the username parameter in the...

This vulnerability allows Windows domain users to bypass authentication in Devolutions Server, potentially gaining unauthorized access. It affects org...