CVE-2025-2499
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2025-2499 is a client-side access control bypass vulnerability identified in the permission component of Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this issue by executing specific actions to bypass certain permission restrictions, including View Password, Edit Asset, and Edit Permissions. This vulnerability impacts Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. Successful exploitation could lead to unauthorized access or modification of sensitive information. Users are strongly encouraged to update their Remote Desktop Manager software to the latest version to mitigate this risk.
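The affected versions form two separate ranges, so a single "older than the fix" comparison misclassifies builds that fall between them. The following triage script is an added example, not part of the advisory or of Devolutions' tooling; the CSV layout, host names, the `not-listed` label, and the choice to ignore a fourth version component are assumptions made for illustration.

```python
import csv
import io
import re

# Inclusive bounds, taken from the summary text above.
AFFECTED_RANGES = [
    ((0, 0, 0), (2024, 3, 29)),      # "all versions up to 2024.3.29"
    ((2025, 1, 24), (2025, 1, 25)),  # "2025.1.24 through 2025.1.25"
]

# Assumption: a fourth numeric component (e.g. "2025.1.25.0") may be present
# in inventory data and is ignored for the comparison.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", re.ASCII)

def parse_version(text):
    """Return a 3-tuple of ints, or None when the string is not a version."""
    m = _VERSION_RE.fullmatch(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs manual follow-up, do not treat as safe
    # Tuples compare numerically, so 2024.10.x sorts after 2024.3.x.
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "affected"
    return "not-listed"

def triage(csv_text):
    """Map each host in a 'host,rdm_version' CSV to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row["rdm_version"]) for row in rows}

# Constructed sample inventory (hosts and versions are made up).
SAMPLE_INVENTORY = """host,rdm_version
ws-001,2024.3.29.0
ws-002,2024.3.30.0
ws-003,2025.1.23.0
ws-004,2025.1.24.0
ws-005,2025.1.25
ws-006,2025.1.26.0
ws-007,2023.2.10.0
ws-008,not installed
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```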