CVE-2025-2528
LOWDescription
Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| devolutions | remote_desktop_manager |
| devolutions | remote_desktop_manager |
| devolutions | remote_desktop_manager |
| devolutions | remote_desktop_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-2528? +
How severe is CVE-2025-2528? +
What products are affected by CVE-2025-2528? +
How do I check if I'm vulnerable to CVE-2025-2528? +
Related Vulnerabilities
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then …
Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker …
Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf Penetration Testing allows an attacker to access …
fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a …
An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate …
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version …