CVE-2025-13765 | THREATINT

Description

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.

PUBLISHED Reserved 2025-11-27 | Published 2025-11-27 | Updated 2025-12-01 | Assigner DEVOLUTIONS

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

Any version before 2025.2.21

affected

Any version before 2025.3.9

affected

References

devolutions.net/security/advisories/DEVO-2025-0018/

cve.org (CVE-2025-13765)

nvd.nist.gov (CVE-2025-13765)

Download JSON