Description
Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing.
Published: 2026-01-08
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability pertains to a defective masking mechanism in the TeamViewer entry dashboard component of Devolutions Remote Desktop Manager. Due to this flaw, an external observer—either in person or via screen sharing—can see displayed passwords on the screen. The weakness enables an attacker to steal credentials, compromising confidentiality of stored passwords. The issue is a classic information disclosure flaw as identified by CWE-200.

Affected Systems

Devolutions Remote Desktop Manager versions 2025.3.24.0 through 2025.3.28.0 running on Windows environments are affected. Users of these builds who store passwords in the TeamViewer entry dashboard component are at risk.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity, but the practical impact is significant for individuals handling sensitive credentials. EPSS indicates that exploitation probability is below 1%, so widespread attacks are unlikely at this time. The vulnerability is not listed in the CISA KEV database, and no public exploits have been documented. An attacker would require access to the physical machine or a screen sharing session; therefore, the attack vector is predominantly physical or insider-based.

Generated by OpenCVE AI on April 18, 2026 at 16:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Devolutions Remote Desktop Manager to version 2025.3.29.0 or later, which removes the defective masking feature.
  • If an immediate upgrade is not possible, disable the password visibility option in TeamViewer entry dashboards or avoid displaying passwords during screen sharing sessions.
  • Implement strict access control for physical machines and limit screen-sharing sessions to trusted users, ensuring that remote sessions are encrypted and monitored for unauthorized observation.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 17:00:00 +0000

Type | Values Removed | Values Added
Title | | External Observer Can View Password Screens in Devolutions Remote Desktop Manager

Thu, 22 Jan 2026 23:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:windows:*:*

Fri, 09 Jan 2026 13:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Devolutions; Devolutions remote Desktop Manager; Microsoft; Microsoft windows
Vendors & Products | | Devolutions; Devolutions remote Desktop Manager; Microsoft; Microsoft windows

Thu, 08 Jan 2026 20:15:00 +0000

Type | Values Removed | Values Added
Description | | Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing.
Weaknesses | | CWE-200
References | |
Metrics | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: DEVOLUTIONS

Published:

Updated: 2026-01-08T20:07:40.198Z

Reserved: 2026-01-08T19:09:44.557Z

Link: CVE-2026-0747

Vulnrichment

Updated: 2026-01-08T20:07:16.415Z

NVD

Status: Analyzed

Published: 2026-01-08T20:15:44.927

Modified: 2026-01-22T18:14:40.343

Link: CVE-2026-0747

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z
