CVE-2025-2600

{"id": "CVE-2025-2600", "cveTags": [], "metrics": {}, "published": "2025-03-26T18:15:26.437", "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2025-0005/", "source": "security@devolutions.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@devolutions.net", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated password to use the ELEVATED_PASSWORD variable even though not allowed by the \"Allow password in variable policy\". \n\n\n\n\n\nThis issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29."}, {"lang": "es", "value": "Una autorizaci\u00f3n incorrecta en el componente variable de Devolutions Remote Desktop Manager en Windows permite que una contrase\u00f1a autenticada use la variable ELEVATED_PASSWORD, aunque la pol\u00edtica \"Permitir contrase\u00f1a en variable\" no lo permita. Este problema afecta a las versiones de Remote Desktop Manager desde la 2025.1.24 hasta la 2025.1.25, y a todas las versiones hasta la 2024.3.29."}], "lastModified": "2025-03-27T16:45:27.850", "sourceIdentifier": "security@devolutions.net"}