CVE-2025-6741 HIGH

CVE-2025-6741

Vendor Devolutions

Product Server

Weakness CWE-284

Published July 22, 2025

Last update November 25, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.4.0 * Devolutions Server 2025.1.11.0 and earlier

Key dates

02Disclosure timeline

July 22, 2025 CVE published

November 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6741 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2025-6741

CWE CWE-284

CVSS 7.1 / HIGH

Affected versions

Vendor Devolutions

Product Server

Affected ≤ 2025.1.11.0

Vendor Devolutions

Product Server

Affected ≥ 2025.2.2.0 and ≤ 2025.2.4.0

CVE-2025-6741

01Description

02Disclosure timeline

03References

04Related CVE