CVE-2025-13765
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-12-03
Assigner: Devolutions Inc.
Description
Description
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| devolutions | devolutions_server | to 2025.2.21.0 (exc) |
| devolutions | devolutions_server | From 2025.3.2.0 (inc) to 2025.3.10.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the exposure of email service credentials to users who do not have administrative rights in Devolutions Server versions before 2025.2.21 and before 2025.3.9.
How can this vulnerability impact me? :
The exposure of email service credentials to unauthorized users could allow those users to access or misuse email services, potentially leading to unauthorized access, data leakage, or further compromise of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70