CVE-2025-3768: Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the...

5.0 CVSS

Description

Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.

Classification

CVE ID: CVE-2025-3768

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem Types

CWE-284: Improper Access Control

Affected Products

Vendor: Devolutions

Product: Server

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3768
https://devolutions.net/security/advisories/DEVO-2025-0011/

Timeline

2025-06-05 14:40:18 UTC
CVE

Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the...