CVE-2025-13758
27.11.2025, 16:15
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.Enginsight
| Vendor | Product | Version |
|---|---|---|
| devolutions | devolutions_server | 𝑥 < 2025.2.21.0 |
| devolutions | devolutions_server | 2025.3.2.0 ≤ 𝑥 < 2025.3.10.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.