Devolutions: >> Devolutions Server >> 2025.2.2.0 Security Vulnerabilities
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature
This issue affects the following versions :
* Devolutions Server 2025.2.2.0 through 2025.2.4.0
*
Devolutions Server 2025.1.11.0 and earlier
CVSS Score
7.7
EPSS Score
0.001
Published
2025-07-22
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe.
This issue affects the following versions :
* Devolutions Server 2025.2.2.0 through 2025.2.3.0
*
Devolutions Server 2025.1.11.0 and earlier
CVSS Score
7.7
EPSS Score
0.002
Published
2025-07-22
Page 2