CVE-2025-1193
Published: 10 February 2025
Summary
CVE-2025-1193 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Devolutions Remote Desktop Manager. Its CVSS base score is 8.1 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The vulnerability ranks at the 47.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-23 (Session Authenticity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-17 (Public Key Infrastructure Certificates): directly requires certificate validation that checks the presented certificate against the intended host, so a certificate issued for a different name is rejected rather than accepted in a MITM position.
SC-23 (Session Authenticity): provides mechanisms that protect the authenticity of communications sessions, countering MITM exploitation of a host-validation gap in the certificate check.
SI-2 (Flaw Remediation): mandates identification, reporting, and correction of software flaws such as this improper host validation through timely patching.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper certificate/host validation (CWE-295) directly enables Adversary-in-the-Middle (T1557): because the client accepts a certificate issued for a different host, an attacker on the network path can terminate the TLS session with a certificate they legitimately hold, then read and modify the traffic the client believes is encrypted end-to-end.
NVD Description
Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host.
Deeper analysis
CVE-2025-1193, published on 2025-02-10, is an improper host validation vulnerability (CWE-295) in the certificate validation component of Devolutions Remote Desktop Manager versions 2024.3.19 and earlier on Windows. The certificate check does not confirm that the presented certificate is bound to the host the client intended to reach, so an attacker who presents a certificate issued for a different host can conduct a man-in-the-middle (MITM) attack and intercept or modify communications the user believes are encrypted. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N): high severity, driven by the high confidentiality and integrity impacts.
A remote attacker requires no privileges and low attack complexity, but user interaction is needed: the victim must initiate a connection through a network path the attacker controls, for example on a compromised or hostile network segment, or after being lured onto one. The attacker then presents a certificate for a different host, which the vulnerable client accepts as long as it otherwise validates. Successful exploitation exposes data in transit and allows the attacker to alter it, which can lead to session hijacking, credential theft, or injection of malicious content into the session.
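The distinction at the heart of this CVE is between validating that a certificate chains to a trusted CA and validating that it is issued for the host being contacted. The following is an added example, not code from Devolutions or from this page: a small Python model of both checks, with constructed certificates in the dict shape `ssl.SSLSocket.getpeercert()` returns. The hostnames (`rdp-gw.corp.example`, `attacker.example`) and the IP address are illustrative assumptions. It also shows how the two behaviours appear in Python's `ssl` module, where `check_hostname=False` with `CERT_REQUIRED` reproduces exactly the "valid chain, wrong host" acceptance described above.

```python
"""Added example (not Devolutions' code): why hostname binding matters.

A certificate that chains to a trusted CA proves only that *some* CA vouched
for *some* name. The client must additionally check that the name is the
host it intended to reach; otherwise any certificate the attacker legitimately
holds for another name is accepted, which is the CWE-295 condition here.
"""
import ipaddress
import ssl

# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(). Names and addresses are illustrative only.
CERT_FOR_INTENDED_HOST = {
    "subject": ((("commonName", "rdp-gw.corp.example"),),),
    "subjectAltName": (("DNS", "rdp-gw.corp.example"), ("DNS", "*.corp.example")),
}
CERT_FOR_OTHER_HOST = {
    "subject": ((("commonName", "attacker.example"),),),
    "subjectAltName": (("DNS", "attacker.example"), ("DNS", "*.attacker.example")),
}
CERT_WITH_IP_SAN = {
    "subject": ((("commonName", "gateway"),),),
    "subjectAltName": (("IP Address", "10.0.0.5"),),
}


def _dns_label_match(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: case-insensitive; a wildcard is allowed only as
    the entire leftmost label, must leave at least two fixed labels, and
    never spans a dot. Partial-label wildcards ("rdp*.example") are rejected,
    which is stricter than the RFC but the safe choice for a client."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Host validation: the intended hostname must appear in subjectAltName.
    DNS names are matched against DNS SANs, IP literals against IP SANs.
    The CN is deliberately not used as a fallback."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue
        elif ip is None and kind == "DNS" and _dns_label_match(value, hostname):
            return True
    return False


def accept_peer_vulnerable(cert: dict, chain_ok: bool, hostname: str) -> bool:
    """Vulnerable pattern: any certificate with a valid chain is accepted,
    no matter which host it was issued for. `cert` and `hostname` are ignored."""
    return chain_ok


def accept_peer_hardened(cert: dict, chain_ok: bool, hostname: str) -> bool:
    """Hardened pattern: chain validation AND binding of the certificate
    to the host the user asked to connect to."""
    return chain_ok and hostname_matches(cert, hostname)


def make_context(verify_host: bool) -> ssl.SSLContext:
    """The same two behaviours in Python's ssl module. With
    check_hostname=False the library still verifies the chain, but will
    accept a certificate issued for a different host."""
    ctx = ssl.create_default_context()
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = verify_host
    return ctx
```

When reviewing a client, look for the second shape: chain verification present (`CERT_REQUIRED`, a trust store configured) but hostname verification disabled or implemented by hand without the wildcard and label-count constraints above.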
Mitigation details are outlined in the vendor advisory DEVO-2025-0001, available at https://devolutions.net/security/advisories/DEVO-2025-0001/. Security practitioners should consult this reference for patching instructions and workarounds applicable to affected versions.
Details
- CWE(s)