{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T21:30:36.848","vulnerabilities":[{"cve":{"id":"CVE-2025-3768","sourceIdentifier":"security@devolutions.net","published":"2025-06-05T14:15:32.103","lastModified":"2025-07-02T13:06:47.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable."},{"lang":"es","value":"El control de acceso inadecuado en la función de bloqueo de la red Tor en Devolutions Server 2025.1.10.0 y versiones anteriores permite que un usuario autenticado omita la función de bloqueo de Tor cuando el endpoint alojado en Devolutions no es accesible."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}]},"weaknesses":[{"source":"security@devolutions.net","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*","versionEndIncluding":"2025.1.10.0","matchCriteriaId":"7DABAD46-A043-40C6-8F0F-4FBE06974C6B"}]}]}],"references":[{"url":"https://devolutions.net/security/advisories/DEVO-2025-0011/","source":"security@devolutions.net","tags":["Vendor Advisory"]}]}}]}