cvedb.io
CVE-2025-2600
MEDIUM · CVSS 6.8
EPSS exploitation probability: 0%
Published 2025-03-26T18:15:26.437 · Last modified 2026-06-17T09:07:15.620

Summary

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

Affected products

devolutions — remote_desktop_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when devolutions ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.