PT-2025-48272 · Devolutions · Devolutions Server

Published

2025-11-27

Updated

2025-12-03

CVE-2025-13765

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Devolutions Server versions prior to 2025.2.21 Devolutions Server versions prior to 2025.3.9

Description The email service credentials were exposed to users lacking administrative privileges in Devolutions Server.

Recommendations Update Devolutions Server to version 2025.2.21 or later. Update Devolutions Server to version 2025.3.9 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2025-15269

CVE-2025-13765

Affected Products

Devolutions Server

PT-2025-48272 · Devolutions · Devolutions Server

CVE-2025-13765

Weakness Enumeration

Related Identifiers

Affected Products

References · 9