CVE-2025-1635 - AskarLabs CVE Database

CVE-2025-1635

Vendor Devolutions

Product Remote Desktop Manager

Weakness CWE-200 · Info exposure

Published March 13, 2025

Last update March 18, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic.

Key dates

02Disclosure timeline

March 13, 2025 CVE published

March 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1635 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2018-10852 CVE-2025-52898 Frappe account takeover via password reset token leakage CVE-2025-4523 IDonate 2.0.0 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via admin_donor_profile_view Function CVE-2021-0210 Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another users active session CVE-2024-25130 Tuleap's mass update clears the permissions on artifact field