CVE-2025-6523_CVE-2025-6523

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe.

This issue affects the following versions :

* Devolutions Server 2025.2.2.0 through 2025.2.3.0
*
Devolutions Server 2025.1.11.0 and earlier

Basic Information

ID CVE-2025-6523

Source DEVOLUTIONS

Published Jul 22, 2025 at 17:00

Modified Jul 22, 2025 at 18:41

Affected Product

Vendor Devolutions

Product Server

Affected Versions Devolutions Server 0
Devolutions Server 2025.2.2.0

CWE Classification

CWE-1391

References

devolutions.net /security/advisories/DEVO-2025-0012/

{
    "lastseen": "",
    "description": "Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe.\n\nThis issue affects the following versions :\n\n  *  Devolutions Server 2025.2.2.0 through 2025.2.3.0\n  *  \nDevolutions Server 2025.1.11.0 and earlier",
    "published": "2025-07-22T17:00:10.697Z",
    "modified": "2025-07-22T18:41:36.063Z",
    "type": "cve",
    "title": "CVE-2025-6523",
    "source": "DEVOLUTIONS",
    "references": "https://devolutions.net/security/advisories/DEVO-2025-0012/",
    "id": "CVE-2025-6523",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1391"
    ],
    "cvelist": null,
    "sourceData": "Devolutions Server 0\nDevolutions Server 2025.2.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Server",
    "version": "0",
    "vendor": "Devolutions",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}