CVE-2025-2277
Published: 13 March 2025
Description
Adversaries may use [Valid Accounts](https://attack.
Security Summary
CVE-2025-2277 affects the web-based SSH authentication component in Devolutions Server versions 2024.3.13 and earlier. The vulnerability stems from missing password masking, leading to the exposure of sensitive SSH passwords. It is associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-522 (Insufficiently Protected Credentials), earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), driven by high confidentiality impact.
Unauthenticated attackers with network access can exploit this issue with low attack complexity and no user interaction required. Exploitation allows remote adversaries to obtain exposed SSH passwords, potentially enabling unauthorized access to SSH services or further lateral movement within affected environments.
The Devolutions security advisory DEVO-2025-0004, available at https://devolutions.net/security/advisories/DEVO-2025-0004/, provides guidance on mitigation and patching for this vulnerability.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability in public-facing web SSH auth component enables unauthenticated exploitation for credential exposure (T1190, T1552) and subsequent SSH access (T1021.004).