High CVSS 7.7

Overview

Improper access control in the secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature.


This issue affects the following versions:

* Devolutions Server 2025.2.2.0 through 2025.2.4.0
* Devolutions Server 2025.1.11.0 and earlier

Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.7 (HIGH)
  • Detected tags: misconfiguration (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.
