CVE-2025-2600

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2024.3.29 and earlier Devolutions Remote Desktop Manager versions 2025.1.24 through 2025.1.25

Description The issue is related to improper authorization in the variable component, allowing an authenticated password to use the ELEVATED PASSWORD variable, despite being restricted by the "Allow password in variable policy".

Recommendations For Devolutions Remote Desktop Manager versions 2024.3.29 and earlier, update to a version later than 2024.3.29 to resolve the issue. For Devolutions Remote Desktop Manager versions 2025.1.24 through 2025.1.25, update to a version later than 2025.1.25 to resolve the issue. As a temporary workaround, consider restricting access to the ELEVATED PASSWORD variable until a patch is available.