CVE-2025-3768

Published Jun 5, 2025

Last updated 15 days ago

CVSS medium 5.0

Overview

Description: Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.
Source: security@devolutions.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5
Impact score: 3.4
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

security@devolutions.net: CWE-284
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DABAD46-A043-40C6-8F0F-4FBE06974C6B",
            "versionEndIncluding": "2025.1.10.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.