📦

devolutions_server

Vendor: devolutions

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 1 Code Available
Total RCEs 1 Remote Access
Total CVEs 142 Total Indexed
Avg. EPSS 0.14% Exploit Prob.
Latest CVE CVE-2026-9590 Jun 02

Security Vulnerability Index

Page 4 / 15
6.5 CVSS
CVE-2026-3131

Improper access control in multiple DVLS REST API endpoints in Devolutions Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.

EPSS: 0.05%
4.3 CVSS
CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15.

EPSS: 0.03%
7.6 CVSS
CVE-2026-1007

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.

EPSS: 0.04%
9.8 CVSS
CVE-2026-0610

SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12

EPSS: 0.06%
6.5 CVSS
CVE-2025-13683

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.

EPSS: 0.04%
4.3 CVSS
CVE-2025-13765

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.

EPSS: 0.04%
3.5 CVSS
CVE-2025-13758

Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.

EPSS: 0.03%
8.8 CVSS
CVE-2025-13757

SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.

EPSS: 0.03%
6.5 CVSS
CVE-2025-12808

Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following versions : * Devolutions Server 2025.3.2.0 through 2025.3.5.0 * Devolutions Server 2025.2.15.0 and earlier

EPSS: 0.05%
8.8 CVSS
CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the target account MFA verification step. This issue affects the following versions : * Devolutions Server 2025.3.2.0 through 2025.3.5.0 * Devolutions Server 2025.2.15.0 and earlier

EPSS: 0.08%