CVE-2025-13765 - AskarLabs CVE Database

CVE-2025-13765

Vendor Devolutions

Product Server

Weakness CWE-200 · Info exposure

Published November 27, 2025

Last update December 1, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.

Key dates

02Disclosure timeline

November 27, 2025 CVE published

December 1, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13765 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2022-32229 CVE-2022-20955 Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities CVE-2023-41354 Chunghwa Telecom NOKIA G-040W-Q - Exposure of Sensitive Information CVE-2024-13807 Xagio SEO <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files CVE-2023-52187 WordPress Image Source Control Plugin <= 2.17.0 is vulnerable to Sensitive Data Exposure

Identifiers

CVE CVE-2025-13765

CWE CWE-200

Affected versions

Vendor Devolutions

Product Server

Affected < 2025.2.21

Vendor Devolutions

Product Server

Affected < 2025.3.9