CVE-2025-6523
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-11-25
Assigner: Devolutions Inc.
Description
Description
Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe.
This issue affects the following versions :
* Devolutions Server 2025.2.2.0 through 2025.2.3.0
*
Devolutions Server 2025.1.11.0 and earlier
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| devolutions | devolutions_server | From 2022.3.1.0 (inc) to 2022.3.10.0 (inc) |
| devolutions | devolutions_server | From 2022.3.1.0 (inc) to 2022.3.10.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1391 | The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of weak credentials in the emergency authentication component of Devolutions Server. An unauthenticated attacker can bypass authentication by brute forcing the short emergency codes generated by the server within a feasible timeframe.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain unauthorized access to the Devolutions Server by bypassing authentication, potentially leading to unauthorized control or access to sensitive systems or data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70