CVE-2025-2562

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://devolutions.net/security/advisories/DEVO-2025-0005/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:devolutions:remote_desktop_manager:::::free:windows::
	cpe:2.3:a:devolutions:remote_desktop_manager:::::team:windows::
	cpe:2.3:a:devolutions:remote_desktop_manager:::::free:windows::
	cpe:2.3:a:devolutions:remote_desktop_manager:::::team:windows::

History

No history.

Information

Published : 2025-03-26 18:15

Updated : 2025-07-02 17:32

NVD link : CVE-2025-2562

Mitre link : CVE-2025-2562

CVE.ORG link : CVE-2025-2562

JSON object : View

Products Affected

devolutions

remote_desktop_manager

CWE

CWE-778

Insufficient Logging

{"id": "CVE-2025-2562", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-03-26T18:15:26.247", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2025-0005/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-778"}]}], "descriptions": [{"lang": "en", "value": "Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality.\n\n\n\n\n\n\n\nThis issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29."}, {"lang": "es", "value": "Un registro insuficiente en la funci\u00f3n de autoescritura de Devolutions Remote Desktop Manager en Windows permite que un usuario autenticado use una contrase\u00f1a almacenada sin generar el evento de registro correspondiente mediante la funci\u00f3n de autoescritura. Este problema afecta a las versiones de Remote Desktop Manager desde la 2025.1.24 hasta la 2025.1.25, y a todas las versiones hasta la 2024.3.29."}], "lastModified": "2025-07-02T17:32:38.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*", "vulnerable": true, "matchCriteriaId": "0C146019-3232-4413-BB31-AC876E37BFE5", "versionEndExcluding": "2024.3.31.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*", "vulnerable": true, "matchCriteriaId": "183673B7-2357-4FA7-98E7-32F986B65BC3", "versionEndExcluding": "2024.3.31.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*", "vulnerable": true, "matchCriteriaId": "3A6A560B-95F7-419D-8B56-7327BC2164B1", "versionEndExcluding": "2025.1.26.0", "versionStartIncluding": "2025.1.24.0"}, {"criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*", "vulnerable": true, "matchCriteriaId": "367DF58A-9A33-46BD-AB77-74B7B8A4E48E", "versionEndExcluding": "2025.1.26.0", "versionStartIncluding": "2025.1.24.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}