CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-5334: Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an...

Description

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager
allows an authenticated user to gain unauthorized access to private personal information.

Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.

This issue affects the following versions :

* Remote Desktop Manager Windows 2025.1.34.0 and earlier

Classification

CVE ID: CVE-2025-5334

Problem Types

CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

Affected Products

Vendor: Devolutions

Product: Remote Desktop Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 15.75% (scored less or equal to compared to others)

EPSS Date: 2025-06-11 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5334
https://devolutions.net/security/advisories/DEVO-2025-0009

Timeline

2025-05-29 15:40:19 UTC
CVE

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an...