Devolutions: >> Devolutions Server >> 2025.3.11.0 Security Vulnerabilities
Improper
access control in multiple DVLS REST API endpoints in Devolutions
Server 2025.3.14.0 and earlier allows an authenticated user with view-only permission to access sensitive connection data.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-24
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-24
SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12
CVSS Score
9.8
EPSS Score
0.0
Published
2026-01-19
Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12.
CVSS Score
7.6
EPSS Score
0.0
Published
2026-01-19
Page 2