Devolutions: >> Devolutions Server >> 2025.3.7.0 Security Vulnerabilities
Improper
access control in multiple DVLS REST API endpoints in Devolutions
Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-24
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-24
SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12
CVSS Score
9.8
EPSS Score
0.0
Published
2026-01-19
Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.
CVSS Score
7.6
EPSS Score
0.0
Published
2026-01-19
Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-28
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-11-27
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-11-27
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-11-27
Page 2