CVE-2025-6741_CVE-2025-6741

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature

This issue affects the following versions :

* Devolutions Server 2025.2.2.0 through 2025.2.4.0
*
Devolutions Server 2025.1.11.0 and earlier

Basic Information

ID CVE-2025-6741

Source DEVOLUTIONS

Published Jul 22, 2025 at 17:00

Modified Jul 22, 2025 at 18:38

Affected Product

Vendor Devolutions

Product Server

Affected Versions Devolutions Server 0
Devolutions Server 2025.2.2.0

CWE Classification

CWE-284

References

devolutions.net /security/advisories/DEVO-2025-0012/

{
    "lastseen": "",
    "description": "Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature\n\n\nThis issue affects the following versions :\n\n  *  Devolutions Server 2025.2.2.0 through 2025.2.4.0\n  *  \nDevolutions Server 2025.1.11.0 and earlier",
    "published": "2025-07-22T17:00:15.146Z",
    "modified": "2025-07-22T18:38:07.567Z",
    "type": "cve",
    "title": "CVE-2025-6741",
    "source": "DEVOLUTIONS",
    "references": "https://devolutions.net/security/advisories/DEVO-2025-0012/",
    "id": "CVE-2025-6741",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Devolutions Server 0\nDevolutions Server 2025.2.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Server",
    "version": "0",
    "vendor": "Devolutions",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}