PT-2025-48270 · Devolutions · Devolutions Server
Published: 2025-11-27 · Updated: 2026-01-05
CVE-2025-13757
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Devolutions Server versions through 2025.2.20 and through 2025.3.8
Description
Devolutions Server is affected by a critical SQL injection issue in the last usage logs functionality. The flaw allows authenticated attackers to exfiltrate data from the database, potentially including all stored passwords.
Recommendations
Devolutions Server versions prior to 2025.2.21 should be updated.
Devolutions Server versions prior to 2025.3.9 should be updated.
Fix
SQL injection
Affected Products
Devolutions Server