CVE-2025-2528
published 2025-03-26

Priority: P4, 14, low
CVSS 3.1 score: 3.6
CVSS 3.1 vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.16% (6.0th percentile)

Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a configuration different from the one mandated by the system administrators. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| devolutions | remote_desktop_manager | < 2024.3.31.0 | 2024.3.31.0 |
| devolutions | remote_desktop_manager | <= 2024.3.29 | |
| devolutions | remote_desktop_manager | 2025.1.24 – 2025.1.25 | |
| devolutions | remote_desktop_manager | >= 2025.1.24.0 < 2025.1.26.0 | 2025.1.26.0 |
| linux | linux_kernel | >= 2.6.12 < 5.4.301 | 5.4.301 |
| linux | linux_kernel | >= 5.11.0 < 5.15.196 | 5.15.196 |
| linux | linux_kernel | >= 5.16.0 < 6.1.158 | 6.1.158 |
| linux | linux_kernel | >= 5.5.0 < 5.10.246 | 5.10.246 |
| linux | linux_kernel | >= 6.13.0 < 6.17.6 | 6.17.6 |
| linux | linux_kernel | >= 6.2.0 < 6.6.115 | 6.6.115 |
| linux | linux_kernel | >= 6.7.0 < 6.12.56 | 6.12.56 |