Description

Improper access control in Devolutions Server 2025.3.5.0 and earlier allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure.

INFO

Published Date :

2025-11-06T16:36:14.506Z

Last Modified :

2025-11-06T19:39:13.227Z

Source :

DEVOLUTIONS
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12808 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12808.

URL Resource
https://devolutions.net/security/advisories/DEVO-2025-0016 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System