Remote Desktop Manager
CVE-2025-5334
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information.
Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.
This issue affects the following versions :
- Remote Desktop Manager Windows 2025.1.34.0 and earlier
* Remote Desktop Manager macOS 2025.1.16.3 and earlier
* Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier
AnalysisAI
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-359. Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.1.34.0 and earlier * Remote Desktop Manager macOS 2025.1.16.3 and earlier * Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier Affected products include: Devolutions Remote Desktop Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Remote Desktop Manager
View allImproper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allo
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker tha
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to r
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager ve
Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to
OS command injection in the SSH Elevate Shell feature of Devolutions Remote Desktop Manager up to 2026.2.7 lets an authe
Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on W
Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to byp
Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today