CVE-2025-5334

CVE-2025-5334

Vendor Devolutions
Product Remote Desktop Manager
Weakness CWE-359
Published May 29, 2025
Last update June 10, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier * Remote Desktop Manager macOS 2025.1.16.3 and earlier * Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier

Key dates

02Disclosure timeline

May 29, 2025 CVE published
June 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id CVE-2024-29888 Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method CVE-2023-26041 Nextcloud Talk messages can still be seen on conversation after expiring when cron is misconfigured CVE-2021-3980 Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg CVE-2025-6017 Rhacm: users with clusterreader role can see credentials from managed-clusters