CVE-2025-5334

EPSS 0.09%
Veröffentlicht 29.05.2025 14:47:25
Zuletzt bearbeitet 02.07.2025 17:31:56
Quelle security@devolutions.net
CVE-Watchlists
Login
Unerledigt
Login

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager
allows an authenticated user to gain unauthorized access to private personal information. 



Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.




This issue affects the following versions :

  *  Remote Desktop Manager Windows 2025.1.34.0 and earlier
  *  
Remote Desktop Manager macOS 2025.1.16.3 and earlier



  *  
Remote Desktop Manager Android 2025.1.3.3 and earlier
  *  
Remote Desktop Manager iOS 2025.1.6.0 and earlier

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Devolutions ≫ Remote Desktop Manager SwEdition- SwPlatformmacos Version <= 2025.1.16.3

Devolutions ≫ Remote Desktop Manager SwEditionfree SwPlatformwindows Version < 2025.1.37.0

Devolutions ≫ Remote Desktop Manager SwEditionteam SwPlatformwindows Version < 2025.1.37.0

Devolutions ≫ Remote Desktop Manager SwEdition- SwPlatformiphone_os Version < 2025.2.0.0

Devolutions ≫ Remote Desktop Manager SwEdition- SwPlatformandroid Version < 2025.2.0.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.264

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://devolutions.net/security/advisories/DEVO-2025-0009

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-5334

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5334

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5334

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-5334