CVE-2025-5334

Опубликовано: 29 мая 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.

This issue affects the following versions :

Remote Desktop Manager Windows 2025.1.34.0 and earlier

Remote Desktop Manager macOS 2025.1.16.3 and earlier

Remote Desktop Manager Android 2025.1.3.3 and earlier *
Remote Desktop Manager iOS 2025.1.6.0 and earlier

Ссылки

https://devolutions.net/security/advisories/DEVO-2025-0009
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:-:macos:*:*

Версия до 2025.1.16.3 (включая)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:free:windows:*:*

Версия до 2025.1.37.0 (исключая)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:team:windows:*:*

Версия до 2025.1.37.0 (исключая)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:-:iphone_os:*:*

Версия до 2025.2.0.0 (исключая)

cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:-:android:*:*

Версия до 2025.2.0.17 (исключая)

EPSS

Процентиль: 19%

0.00062

Низкий

7.5 High

CVSS3

Дефекты

CWE-359

CWE-200

Связанные уязвимости

GHSA-wg3r-h2gv-34fv

CVSS3: 7.5

github

8 месяцев назад

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier

EPSS

Процентиль: 19%

0.00062

Низкий

7.5 High

CVSS3

Дефекты

CWE-359

CWE-200