CVE-2025-6741

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6741
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.4.0 * Devolutions Server 2025.1.11.0 and earlier

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://devolutions.net/security/advisories/DEVO-2025-0012/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*
History

08 Oct 2025, 16:16

Type Values Removed Values Added
References () https://devolutions.net/security/advisories/DEVO-2025-0012/ - () https://devolutions.net/security/advisories/DEVO-2025-0012/ - Vendor Advisory
First Time Devolutions
Devolutions devolutions Server
CPE cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*

25 Jul 2025, 15:29

Type Values Removed Values Added
Summary
  • (es) Un control de acceso inadecuado en el componente de mensajes seguros en Devolutions Server permite que un usuario autenticado robe entradas no autorizadas a través de la función de adjuntar entradas de mensajes seguros. Este problema afecta a las siguientes versiones: * Devolutions Server 2025.2.2.0 a 2025.2.4.0 * Devolutions Server 2025.1.11.0 y anteriores

22 Jul 2025, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.7

22 Jul 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-22 17:15

Updated : 2025-10-08 16:16

NVD link : CVE-2025-6741

Mitre link : CVE-2025-6741

CVE.ORG link : CVE-2025-6741

JSON object : View

Products Affected

devolutions

  • devolutions_server
CWE
CWE-284

Improper Access Control