Devolutions Remote Desktop Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Devolutions Remote Desktop Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (53)
CVE-2023-4373 — CVSS 9.8 (critical): Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19…
CVE-2023-5765 — CVSS 9.8 (critical): Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an…
CVE-2026-2590 — CVSS 9.8 (critical): Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop…
CVE-2024-6057 — CVSS 9.8 (critical): Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that…
CVE-2023-6593 — CVSS 9.8 (critical): Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the…
CVE-2023-5766 — CVSS 9.8 (critical): A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute…
CVE-2024-11621 — CVSS 8.8 (high): Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and…
CVE-2021-42098 — CVSS 8.8 (high): An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via…
CVE-2022-3641 — CVSS 8.8 (high): Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated…
CVE-2022-4287 — CVSS 8.8 (high): Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows…
CVE-2026-12161 — CVSS 8.8 (high): Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with…
CVE-2025-1193 — CVSS 8.1 (high): Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows…
CVE-2024-12149 — CVSS 8.1 (high): Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on…
CVE-2023-6288 — CVSS 7.8 (high): Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES…
CVE-2022-3780 — CVSS 7.5 (high): Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow…
CVE-2022-33995 — CVSS 7.5 (high): A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite…
CVE-2025-5334 — CVSS 7.5 (high): Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows…
CVE-2022-26964 — CVSS 7.4 (high): Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password…
CVE-2024-6492 — CVSS 7.4 (high): Exposure of Sensitive Information in edge browser session proxy feature in Devolutions Remote Desktop Manager 2024.2.14.0 and earlier on…
CVE-2024-6354 — CVSS 7.2 (high): Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated…
CVE-2026-13372 — CVSS 7.2 (high): Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through…
CVE-2022-3182 — CVSS 7.0 (high): Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows…
CVE-2025-2600 — CVSS 6.8 (medium): Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the…
CVE-2023-1980 — CVSS 6.5 (medium): Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor…
CVE-2023-1574 — CVSS 6.5 (medium): Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on…
CVE-2025-1636 — CVSS 6.5 (medium): Exposure of sensitive information in My Personal Credentials password history component in Devolutions Remote Desktop Manager 2024.3.29 and…
CVE-2023-1203 — CVSS 6.5 (medium): Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell…
CVE-2025-1635 — CVSS 6.5 (medium): Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows…
CVE-2025-13683 — CVSS 6.5 (medium): Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions…
CVE-2023-1202 — CVSS 6.5 (medium): Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions…
CVE-2022-3781 — CVSS 6.5 (medium): Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop…
CVE-2023-4417 — CVSS 6.5 (medium): Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows…
CVE-2022-2221 — CVSS 6.5 (medium): Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users…
CVE-2023-2282 — CVSS 6.5 (medium): Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an…
CVE-2024-2403 — CVSS 5.9 (medium): Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an…
CVE-2024-7421 — CVSS 5.5 (medium): An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to…
CVE-2026-12162 — CVSS 5.5 (medium): Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose…
CVE-2021-23922 — CVSS 5.4 (medium): An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in…
CVE-2024-11671 — CVSS 5.4 (medium): Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an…
CVE-2024-11670 — CVSS 5.4 (medium): Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows…
CVE-2024-0589 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows…
CVE-2025-2562 — CVSS 5.4 (medium): Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a…
CVE-2025-2499 — CVSS 5.4 (medium): Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can…
CVE-2021-28047 — CVSS 5.4 (medium): Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users…
CVE-2024-6055 — CVSS 4.7 (medium): Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on…
CVE-2022-1342 — CVSS 4.6 (medium): A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching…
CVE-2023-7047 — CVSS 4.4 (medium): Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager…
CVE-2024-11672 — CVSS 4.3 (medium): Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an…
CVE-2023-1939 — CVSS 4.3 (medium): No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote…
CVE-2024-3545 — CVSS 4.3 (medium): Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and…
CVE-2025-2528 — CVSS 3.6 (low): Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use…
CVE-2023-0463 — CVSS 3.3 (low): The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to…
CVE-2026-0747 — CVSS 3.3 (low): Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through…