What is CVE-2025-2600?

CVE-2025-2600 is a vulnerability in Devolutions Remote Desktop Manager, classified under Improper Authorization. Published 2025-03-26.

Is CVE-2025-2600 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Devolutions Remote Desktop Manager

CVE-2025-2600

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the ELEVATED_PASSWORD variable even though not allowed by the "Allow password in variable policy". …

EPSS: 0.001 (33.2th percentile) — read the EPSS interpretation.

Affected products

Devolutions Remote Desktop Manager — versions 2025.1.24, 0

Weakness classification (CWE)

CWE-285 — Improper Authorization

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

devolutions.net/security/advisories/DEVO-2025-0005/

Frequently asked questions

What is CVE-2025-2600?: CVE-2025-2600 is a vulnerability in Devolutions Remote Desktop Manager, classified under Improper Authorization. Published 2025-03-26.
Is CVE-2025-2600 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.