New vulnerabilities have been identified in Devolutions Server, including a critical SQL injection flaw that could lead to data extraction. Organizations using affected versions should urgently update to prevent data breaches and unauthorized access.
Key points
- Devolutions Server versions 2025.2.20 and earlier, and 2025.3.8 and earlier are affected by multiple vulnerabilities.
- The most critical flaw, CVE-2025-13757, allows attackers to inject SQL commands and exfiltrate sensitive data from the database.
- Two medium-severity vulnerabilities involve credential leakage during entry requests and improper access control in email service setup.
- Devolutions recommends updating to versions 2025.2.21 and 2025.3.9 or higher immediately to mitigate these risks.
- Failure to patch these vulnerabilities exposes organizations to data breaches, credential exposure, and privilege escalation.
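A patch-triage check built from the version boundaries listed above, as an added example that is not code from Devolutions or the original article. The host names and inventory lines are constructed, and the optional fourth version component and the `host,version` input format are assumptions.

```python
import re

# First fixed patch level per (year, branch), taken from the key points above.
FIXED = {(2025, 2): 21, (2025, 3): 9}

# Accepts "2025.2.20" or, as an assumption, a four-part form such as "2025.2.20.0".
VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)\.(\d+)(?:\.\d+)?\s*$")


def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a Devolutions Server version."""
    m = VERSION_RE.match(version)
    if not m:
        return "unknown"  # unparseable: check by hand, never assume patched
    year, branch, patch = map(int, m.groups())
    if (year, branch) in FIXED:
        return "fixed" if patch >= FIXED[(year, branch)] else "affected"
    # Branches older than 2025.2 fall under "2025.2.20 and earlier".
    if (year, branch) < min(FIXED):
        return "affected"
    # Branches newer than 2025.3 fall under "2025.3.9 or higher".
    return "fixed"


def triage(inventory_text):
    """Group hosts from 'host,version' lines by patch status."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        report[classify(version)].append(host.strip())
    return report


# Constructed sample inventory (hypothetical hosts), not real data.
INVENTORY = """\
dvls-prod-01,2025.2.20.0
dvls-prod-02,2025.2.21.0
dvls-dr-01,2025.3.8
dvls-lab-01,2025.3.9.0
dvls-old-01,2024.3.15.0
dvls-test-01,unknown-build
"""

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be checked manually rather than treated as patched.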
Read More: https://thecyberexpress.com/devolutions-server-sql-injection-flaw/