CVE-2025-2278

CVE-2025-2278

Vendor Devolutions

Product Server

Weakness CWE-284

Published March 13, 2025

Last update March 18, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID.

Key dates

02Disclosure timeline

March 13, 2025 CVE published

March 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2278 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE