CVE-2025-2528
Published 2025-03-26. CVE-2025-2528: Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration…
Priority: P4 · 14 · Severity: low · CVSS 3.1 base score: 3.6
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N (local, high complexity, low privileges, no user interaction, scope unchanged, low confidentiality and integrity impact, no availability impact)
EPSS: 0.16% (6.0th percentile)
Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators.
This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
Affected
11 ranges are listed. Only the four Remote Desktop Manager rows apply to CVE-2025-2528: the vendor text gives the affected builds as everything up to 2024.3.29 and 2025.1.24 through 2025.1.25, while the CPE-style rows express the same ranges by their first fixed builds, 2024.3.31.0 and 2025.1.26.0.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | remote_desktop_manager | < 2024.3.31.0 | 2024.3.31.0 |
| devolutions | remote_desktop_manager | <= 2024.3.29 | — |
| devolutions | remote_desktop_manager | 2025.1.24 – 2025.1.25 | — |
| devolutions | remote_desktop_manager | >= 2025.1.24.0 < 2025.1.26.0 | 2025.1.26.0 |
The seven linux_kernel rows below have nothing to do with Remote Desktop Manager; they match the kernel hfs record (CVE-2025-40243) cross-listed further down and are reproduced only as the page shows them.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 2.6.12 < 5.4.301 | 5.4.301 |
| linux | linux_kernel | >= 5.5.0 < 5.10.246 | 5.10.246 |
| linux | linux_kernel | >= 5.11.0 < 5.15.196 | 5.15.196 |
| linux | linux_kernel | >= 5.16.0 < 6.1.158 | 6.1.158 |
| linux | linux_kernel | >= 6.2.0 < 6.6.115 | 6.6.115 |
| linux | linux_kernel | >= 6.7.0 < 6.12.56 | 6.12.56 |
| linux | linux_kernel | >= 6.13.0 < 6.17.6 | 6.17.6 |
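A version-range check for the Remote Desktop Manager rows above, written as an added example (this is not Devolutions code and not from the page). It takes the two fixed-build bounds from the table, pads three-part build numbers such as 2025.1.25 to four parts so they compare correctly with 2025.1.26.0, and triages a constructed inventory of hostnames and versions; the hostnames and the `triage` and `fixed_version_for` helpers are my own.

```python
"""Check installed Remote Desktop Manager builds against the affected ranges
listed for CVE-2025-2528. Added example, not Devolutions code; the bounds are
taken from the page's affected table, the inventory is constructed."""
from typing import Optional


def parse_version(v: str) -> tuple:
    """'2025.1.24' or '2025.1.24.0' -> (2025, 1, 24, 0).
    RDM builds appear on the page with three or four dotted numbers."""
    parts = [int(p) for p in v.strip().split(".")]
    if not 3 <= len(parts) <= 4:
        raise ValueError(f"unexpected RDM version format: {v!r}")
    return tuple(parts + [0] * (4 - len(parts)))


# (inclusive lower bound or None, exclusive upper bound, first fixed build),
# i.e. "< 2024.3.31.0" and ">= 2025.1.24.0 < 2025.1.26.0" from the table.
AFFECTED_RANGES = [
    (None, "2024.3.31.0", "2024.3.31.0"),
    ("2025.1.24.0", "2025.1.26.0", "2025.1.26.0"),
]


def fixed_version_for(installed: str) -> Optional[str]:
    """Return the build to upgrade to if `installed` is affected, else None."""
    cur = parse_version(installed)
    for low, high, fixed in AFFECTED_RANGES:
        if low is not None and cur < parse_version(low):
            continue
        if cur < parse_version(high):
            return fixed
    return None


def triage(inventory: dict) -> list:
    """{host: version} -> sorted [(host, version, fixed_build)] for affected hosts."""
    findings = []
    for host, version in inventory.items():
        fixed = fixed_version_for(version)
        if fixed is not None:
            findings.append((host, version, fixed))
    return sorted(findings)


# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = {
    "ws-001": "2024.3.29",    # last affected 2024.3 build named in the advisory
    "ws-002": "2024.3.31.0",  # fixed
    "ws-003": "2025.1.25",    # affected 2025.1 build
    "ws-004": "2025.1.26.0",  # fixed
    "ws-005": "2023.2.10",    # older; "all versions up to 2024.3.29"
}

if __name__ == "__main__":
    for host, version, fixed in triage(SAMPLE_INVENTORY):
        print(f"{host}: {version} affected, upgrade to {fixed}")
```

Note the gap the table leaves: 2025.1 builds below 2025.1.24 are not listed as affected, so the check reports them clean; if your fleet has such builds, confirm against the vendor advisory rather than this table.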
OSV
osv · 2025-12-04 · CVE-2025-40243: hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
This is a Linux kernel record unrelated to Remote Desktop Manager; it appears alongside CVE-2025-2528 presumably because its trace cites fs/buffer.c:2528.
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
The syzbot reported issue in hfs_find_set_zero_bits():
BUG: KMSAN: uninit-value in hfs_find_set_zero_bits+0x74d/0xb60 fs/hfs/bitmap.c:45
hfs_find_set_zero_bits+0x74d/0xb60 fs/hfs/bitmap.c:45
hfs_vbm_search_free+0x13c/0x5b0 fs/hfs/bitmap.c:151
hfs_extend_file+0x6a5/0x1b00 fs/hfs/extent.c:408
hfs_get_block+0x435/0x1150 fs/hfs/extent.c:353
__block_write_begin_int+0xa76/0x3030 fs/buffer.c:2151
block_write_begin fs/buffer.c:2262 [inline]
cont_write_begin+0x10e1/0x1bc0 fs/buffer.c:2601
hfs_write_begin+0x85/0x130 fs/hfs/inode.c:52
cont_expand_zero fs/buffer.c:2528 [inline]
cont_write_begin+0x35a/0x1bc0 f
GHSA
ghsa_unreviewed · 2025-03-26 · GHSA-hvhr-9472-4fw9 · CVE-2025-2528 [LOW] · CWE-285
Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators.
This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.
Citrix
vendor_citrix · CVSS 10.0 · CVE-2008-2528 [CRITICAL] · Citrix Security Bulletin CTX116930
A different CVE (CVE-2008-2528) that shares only the numeric suffix; it is not related to CVE-2025-2528.
CVE References: CVE-2008-2528, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.