Devolutions Warns of Severe RDM Vulnerabilities Allowing Encrypted Communication Interception

Devolutions, a leading provider of remote connection management solutions, has issued a security advisory addressing critical vulnerabilities affecting its Remote Desktop Manager (RDM) product across multiple platforms. These vulnerabilities could allow attackers to intercept and modify encrypted communications, potentially compromising sensitive data and systems.

The vulnerabilities stem from flaws in RDM’s certificate validation logic. On Windows platforms (CVE-2025-1193, CVSSv4 8.5), the certificate validation failed to validate the host, while on other platforms (CVE-2024-11621, CVSSv4 8.6), the validation was entirely missing, accepting any certificate without prompting users.

“Specifically, on the Windows platform, the certificate validation didn’t validate the host,” the advisory states. “On the other platforms, the certificate validation was missing and would accept any certificate without prompting the users.”

These vulnerabilities could allow attackers to perform man-in-the-middle attacks, intercepting and modifying encrypted traffic between users and remote systems. This could lead to the theft of credentials, unauthorized access to sensitive data.

Devolutions has released patches for all affected platforms. Users and administrators are strongly advised to upgrade immediately:

Platform	Vulnerable Versions	Fixed Version
Windows	2024.3.19 and earlier	2024.3.20.0+
macOS	2024.3.9.0 and earlier	2024.3.10.3+
Linux	2024.3.2.5 and earlier	2024.3.2.9+
Android	2024.3.3.7 and earlier	2024.3.4.2+
iOS	2024.3.3.0 and earlier	2024.3.4.0+
PowerShell	2024.3.6.0 and earlier	2024.3.7.0+

Organizations relying on Remote Desktop Manager should take immediate action to ensure they are running the latest secure versions.

Rate this post

💙 Support SecurityOnline.info

If this article helped you stay informed, please consider supporting us below.

PayPal

Related Posts:

💙 Support SecurityOnline.info

Leave a Reply Cancel reply