CVE-2025-2277
Published: 13 March 2025
Summary
CVE-2025-2277 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Devolutions Server, by Devolutions. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 46.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-6 (Authentication Feedback) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly requires obscuring feedback of authentication information, such as masking SSH passwords during web-based input, to prevent visual exposure to unauthorized viewers.
- Mandates protection of authenticators such as SSH passwords commensurate with their sensitivity, addressing disclosure risks in authentication components.
- Requires timely identification, reporting, and correction of flaws such as missing password masking, directly mitigating the vulnerability through remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in the public-facing web SSH authentication component enables unauthenticated exploitation for credential exposure (T1190 Exploit Public-Facing Application, T1552 Unsecured Credentials) and subsequent SSH access (T1021.004 Remote Services: SSH).
NVD Description
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to inadvertently leak his SSH password due to missing password masking.
Deeper analysis
CVE-2025-2277 affects the web-based SSH authentication component in Devolutions Server versions 2024.3.13 and earlier. The vulnerability stems from missing password masking, leading to the exposure of sensitive SSH passwords. It is associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-522 (Insufficiently Protected Credentials), earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), driven by high confidentiality impact.
Unauthenticated attackers with network access can exploit this issue with low attack complexity and no user interaction required. Exploitation allows remote adversaries to obtain exposed SSH passwords, potentially enabling unauthorized access to SSH services or further lateral movement within affected environments.
The Devolutions security advisory DEVO-2025-0004, available at https://devolutions.net/security/advisories/DEVO-2025-0004/, provides guidance on mitigation and patching for this vulnerability.
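The defect class here is a credential input rendered without masking. The following is an added example, not code from Devolutions or the advisory: a small audit that scans form markup for inputs whose name or id suggests a credential but whose type does not mask the value on screen. The sample form HTML is constructed for illustration and does not reproduce the Devolutions Server component.

```javascript
// Constructed sample: one username field, one unmasked SSH password field
// (the bug pattern), and one correctly masked passphrase field.
const SAMPLE_FORM_HTML = `
<form id="ssh-login">
  <label for="ssh-user">Username</label>
  <input id="ssh-user" name="username" type="text">
  <label for="ssh-pass">SSH password</label>
  <input id="ssh-pass" name="ssh_password" type="text">
  <input name="passphrase" type="password" autocomplete="new-password">
</form>`;

// Names/ids that indicate the field carries a credential.
const CREDENTIAL_HINT = /pass(word|phrase)?|secret|pwd/i;

// Parse every <input ...> tag in an HTML string into a map of its attributes
// (attribute names lower-cased, values unquoted).
function parseInputs(html) {
  const inputs = [];
  const tagRe = /<input\b([^>]*)>/gi;
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    let attr;
    while ((attr = attrRe.exec(tag[1])) !== null) {
      attrs[attr[1].toLowerCase()] = attr[2] || attr[3] || attr[4] || "";
    }
    inputs.push(attrs);
  }
  return inputs;
}

// Return the inputs that look like credential fields but are not masked.
// A missing type attribute defaults to "text", so it is treated as unmasked.
function findUnmaskedCredentialInputs(html) {
  return parseInputs(html).filter((attrs) => {
    const hint = `${attrs.name || ""} ${attrs.id || ""}`;
    const type = (attrs.type || "text").toLowerCase();
    return CREDENTIAL_HINT.test(hint) && type !== "password";
  });
}

for (const hit of findUnmaskedCredentialInputs(SAMPLE_FORM_HTML)) {
  console.log(`unmasked credential input: name=${hit.name} id=${hit.id}`);
}
```

Run the audit against the rendered DOM (for example via `document.documentElement.outerHTML`) when reviewing a patched build, and expect zero hits.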
Details
- CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-522 (Insufficiently Protected Credentials)