CVE-2025-1636

Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2025-0004/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:devolutions:remote_desktop_manager:::::free:windows::
	cpe:2.3:a:devolutions:remote_desktop_manager:::::team:windows::

History

No history.

Information

Published : 2025-03-13 13:15

Updated : 2025-03-28 16:20

NVD link : CVE-2025-1636

Mitre link : CVE-2025-1636

CVE.ORG link : CVE-2025-1636

JSON object : View

Products Affected

devolutions

remote_desktop_manager

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2025-1636", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-13T13:15:46.970", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2025-0004/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows an authenticated user to inadvertently leak the My Personal Credentials in a shared vault via the clear history feature due to faulty business logic."}, {"lang": "es", "value": "La exposici\u00f3n de informaci\u00f3n confidencial en el componente de historial de contrase\u00f1as de mis credenciales personales en Devolutions Remote Desktop Manager 2024.3.29 y versiones anteriores en Windows permite que un usuario autenticado filtre inadvertidamente Mis credenciales personales en una b\u00f3veda compartida a trav\u00e9s de la funci\u00f3n de borrar historial debido a una l\u00f3gica comercial defectuosa."}], "lastModified": "2025-03-28T16:20:21.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*", "vulnerable": true, "matchCriteriaId": "0C146019-3232-4413-BB31-AC876E37BFE5", "versionEndExcluding": "2024.3.31.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*", "vulnerable": true, "matchCriteriaId": "183673B7-2357-4FA7-98E7-32F986B65BC3", "versionEndExcluding": "2024.3.31.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}