Information disclosure in Devolutions Remote Desktop Manager

CVE-2025-13683

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.

Vulnerability class: Information Disclosure

EPSS: 0.000 (13.7th percentile) — read the EPSS interpretation.

Affected products

Devolutions Remote Desktop Manager — versions 0
Devolutions Server — versions 0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

devolutions.net/security/advisories/DEVO-2025-0017/