What the vulnerability does
01Description
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
CVSS base score
—
Key dates
02Disclosure timeline
November 27, 2025
CVE published
December 1, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-0305 Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure
CVE-2022-32740 Information disclosure in the External Interface
CVE-2025-12521 Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure
CVE-2021-22786
CVE-2024-3574 Authorization Header Leak During Cross-Domain Redirect in scrapy/scrapy
