CVE-2025-6523
HIGHDescription
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier
Is your site exposed to CVE-2025-6523?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| devolutions | devolutions_server |
| devolutions | devolutions_server |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-6523? +
How severe is CVE-2025-6523? +
What products are affected by CVE-2025-6523? +
How do I check if I'm vulnerable to CVE-2025-6523? +
Related Vulnerabilities
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can …
A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the …
Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a …
Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials.
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. …
ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 …