CVE-2025-13758
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-12-03
Assigner: Devolutions Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| devolutions | devolutions_server | to 2025.2.21.0 (exc) |
| devolutions | devolutions_server | From 2025.3.2.0 (inc) to 2025.3.10.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the exposure of credentials in unintended requests within Devolutions Server versions through 2025.2.20 and through 2025.3.8. This means that sensitive authentication information may be inadvertently sent or accessible in requests where it should not be, potentially allowing unauthorized parties to obtain these credentials.
How can this vulnerability impact me? :
The impact of this vulnerability is that attackers or unauthorized users could gain access to exposed credentials, which may lead to unauthorized access to the server or sensitive data, compromising the security and integrity of the system.