CVE-2025-5334
Unauthorized Access to Private Personal Information in Devolutions Remote Desktop Manager
Overview
This vulnerability allows an authenticated user to gain unauthorized access to private personal information in the user vaults component of Devolutions Remote Desktop Manager. Entries may be unintentionally moved from user vaults to shared vaults when edited by owners, making them accessible to other users.
Technical Details
Under specific circumstances, when vault entries are edited by their owners, they can inadvertently be moved from user-specific vaults to shared vaults. These entries then become accessible to other users, leading to unauthorized access to confidential information.
CVSS Metrics
- cvss_base_score: 7.5
- base_severity: HIGH
- attack_vector: NETWORK
- attack_complexity: HIGH
- user_interaction: REQUIRED
- scope: UNCHANGED
- confidentiality_impact: HIGH
- integrity_impact: HIGH
- availability_impact: HIGH
Impact
This vulnerability could lead to unauthorized access to a user's private personal information by other users who share the vaults. This results in confidentiality, integrity, and availability impacts.
Recommendations
To protect against this vulnerability, update Devolutions Remote Desktop Manager to the latest version, and periodically monitor and audit vault use within the tool to confirm there is no unauthorized access or use.
Threat Metrics
- cvss_score: 7.5
- severity: HIGH
- attack_vector: NETWORK
- attack_complexity: HIGH
- privileges_required: NONE
- user_interaction: REQUIRED
- scope: UNCHANGED
- confidentiality_impact: HIGH
- integrity_impact: HIGH
- availability_impact: HIGH