This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://devolutions.net/security/advisories/DEVO-2025-0005/ |
![]() ![]() |
Tue, 26 Aug 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. |
Wed, 02 Jul 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Devolutions
Devolutions remote Desktop Manager |
|
CPEs | cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:* cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:* |
|
Vendors & Products |
Devolutions
Devolutions remote Desktop Manager |
Tue, 01 Apr 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Wed, 26 Mar 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | |
Weaknesses | CWE-285 | |
References |
|

Status: PUBLISHED
Assigner: DEVOLUTIONS
Published:
Updated: 2025-08-26T17:43:23.847Z
Reserved: 2025-03-21T13:07:59.688Z
Link: CVE-2025-2600

Updated: 2025-03-26T19:00:12.993Z

Status : Modified
Published: 2025-03-26T18:15:26.437
Modified: 2025-08-26T18:15:47.157
Link: CVE-2025-2600

No data.

No data.