Devolutions: >> Devolutions Server >> 2025.3.16.0 Security Vulnerabilities
Improper certificate validation in the PAM propagation WinRM connections
allows a network attacker to perform a man-in-the-middle attack via
disabled TLS certificate verification.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-03-20
Improper
input validation in the error message page in Devolutions Server 2025.3.16 and earlier allows remote attackers to spoof the displayed error message via a specially crafted URL.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-03
Page 3