Detections
Analytics
Devolutions Server <= 2025.1.11.0 / 2025.2.2.0 < 2025.2.4.0 Weak Credentials (DEVO-2025-0012) (CVE-2025-6523)
critical Nessus Plugin ID 242678
Language:
Synopsis
The Devolutions Server instance installed on the remote host is affected by a weak credentials vulnerability.Description
The version of Devolutions Server installed on the remote host is prior to 2025.1.11.0 or 2025.2.2.0 prior to 2025.2.4.0 and is, therefore, affected by a weak credentials vulnerability:- Use of weak credentials in emergency authentication component in Devolutions Server allows an unauthenticated attacker to bypass authentication via brute forcing the short emergency codes generated by the server within a feasible timeframe. This issue affects the following versions : * Devolutions Server 2025.2.2.0 through 2025.2.3.0 * Devolutions Server 2025.1.11.0 and earlier. (CVE-2025-6523)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Devolutions Server version 2025.2.4.0 or later.See Also
Plugin Details
Severity: Critical
ID: 242678
File Name: devolutions_server_DEVO-2025-0012_CVE-2025-6523.nasl
Version: 1.2
Type: local
Agent: windows
Family: Windows
Published: 7/24/2025
Updated: 7/25/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.1
CVSS v2
Risk Factor: High
Base Score: 7.3
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:P
CVSS Score Source: CVE-2025-6523
CVSS v3
Risk Factor: High
Base Score: 8.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
CVSS v4
Risk Factor: Critical
Base Score: 9.5
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H
Vulnerability Information
CPE: x-cpe:/a:devolutions:remote_server
Required KB Items: SMB/Registry/Enumerated, installed_sw/Devolutions Server
Patch Publication Date: 7/22/2025
Vulnerability Publication Date: 7/22/2025
Reference Information
CVE: CVE-2025-6523
IAVB: 2025-B-0122