cvedb.io
CVE-2025-2499
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2025-03-26T18:15:25.720 · Last modified 2026-06-17T09:07:04.157

Summary

Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

Affected products

devolutions — remote_desktop_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when devolutions ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.