CVE-2025-5334
HIGHDescription
Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier * Remote Desktop Manager macOS 2025.1.16.3 and earlier * Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier
Is your site exposed to CVE-2025-5334?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| devolutions | remote_desktop_manager |
| devolutions | remote_desktop_manager |
| devolutions | remote_desktop_manager |
| devolutions | remote_desktop_manager |
| devolutions | remote_desktop_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-5334? +
How severe is CVE-2025-5334? +
What products are affected by CVE-2025-5334? +
How do I check if I'm vulnerable to CVE-2025-5334? +
Related Vulnerabilities
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 …
gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address …
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions …
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. Several …
In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a …
A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full …