
CVE-2025-13757: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Devolutions Server

Published: Thu Nov 27 2025 (11/27/2025, 15:30:30 UTC)
Source: CVE Database V5
Vendor/Project: Devolutions
Product: Server

Description

SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.

AI-Powered Analysis

Last updated: 11/27/2025, 16:01:50 UTC

Technical Analysis

CVE-2025-13757 is an SQL injection vulnerability (CWE-89) in Devolutions Server, affecting the 2025.2 branch through 2025.2.20 and the 2025.3 branch through 2025.3.8. The flaw sits in the last usage logs feature: a value supplied through that feature is incorporated into an SQL statement without being neutralized or passed as a parameter, so whoever controls the value can change the statement the backend database executes. Depending on the query context and the permissions of the application's database login, that allows reading, modifying or deleting data the application never meant to expose, which for a product of this kind may include vault entries, credentials and configuration. The record carries no CVSS score and lists no known public exploit. The affected ranges are expressed as upper bounds on two release branches, which indicates that later releases in each branch contain the fix; the vendor's release notes are the authority on the exact patched versions. Devolutions Server is a self-hosted vault and privileged access management product, so an injection into its database is effectively an injection into the store of administrative secrets, and SQL injection needs no special tooling once the injectable parameter has been identified. The record does not say whether the feature is reachable without authentication; until the vendor specifies, the safe assumption is that any account able to use the last usage logs is a potential source. Because the vulnerable query lives in vendor code, operators cannot fix it by changing their own input handling: the real remedy is upgrading, and the interim controls are reducing who can reach the feature, limiting what the application's database login can do, and monitoring for injection attempts.
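The following is an added example, not Devolutions' code and not taken from this record. It reproduces the CWE-89 pattern described above in a constructed SQLite database that stands in for a last-usage log (the last_usage and credentials tables and their columns are assumptions), runs a tautology payload and a UNION payload against a query built by string concatenation, and shows the parameterized version of the same query returning nothing for the same inputs. Devolutions Server runs on Microsoft SQL Server rather than SQLite; the concatenation mistake and the parameter fix are the same there, using SqlParameter in place of string building.

```python
import sqlite3

# Constructed stand-in schema: an assumed "last_usage" log table and a
# separate "credentials" table. Neither is Devolutions Server's real schema.
SAMPLE_USAGE = [
    ("alice", "vault/prod-db", "2025-11-20T10:00:00Z"),
    ("alice", "vault/jump-host", "2025-11-21T08:30:00Z"),
    ("bob", "vault/hr-share", "2025-11-22T12:15:00Z"),
]
SAMPLE_CREDENTIALS = [("svc-backup", "hunter2")]


def build_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE last_usage (username TEXT, entry TEXT, used_at TEXT)")
    conn.execute("CREATE TABLE credentials (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO last_usage VALUES (?, ?, ?)", SAMPLE_USAGE)
    conn.executemany("INSERT INTO credentials VALUES (?, ?)", SAMPLE_CREDENTIALS)
    return conn


def last_usage_vulnerable(conn, username):
    """CWE-89: the caller-supplied value is spliced into the statement text."""
    sql = f"SELECT entry, used_at FROM last_usage WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def last_usage_safe(conn, username):
    """Parameterized: the value travels separately from the SQL text, so quotes
    and keywords inside it are data, never syntax."""
    sql = "SELECT entry, used_at FROM last_usage WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Two classic payloads: widen the WHERE clause, or bolt an unrelated SELECT on.
TAUTOLOGY = "alice' OR '1'='1"
UNION_READ = "x' UNION SELECT name, secret FROM credentials --"


def demo():
    """Run both query styles against the same inputs and report what leaks."""
    conn = build_db()
    return {
        # Legitimate lookup: alice has two log rows.
        "legit": len(last_usage_safe(conn, "alice")),
        # Tautology turns the filter into "every row in the log table".
        "vuln_tautology": len(last_usage_vulnerable(conn, TAUTOLOGY)),
        # UNION pulls rows from a table the log query was never meant to touch.
        "vuln_union": last_usage_vulnerable(conn, UNION_READ),
        # The parameterized query looks for a user literally named that: none.
        "safe_tautology": len(last_usage_safe(conn, TAUTOLOGY)),
        "safe_union": len(last_usage_safe(conn, UNION_READ)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The UNION case is the one that matters for a credential vault: the injected SELECT must match the column count of the original query, and after that the attacker reads whatever the application's database login can read, which is why the login's permissions are a mitigation in their own right.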

Potential Impact

For European organizations the impact could be severe. Devolutions Server typically holds privileged credentials and brokers remote access to core infrastructure, so a successful injection can expose the contents of the vault, alter stored entries or permissions, and delete or tamper with the audit records incident responders would rely on. Confidentiality, integrity and availability are all in scope: exfiltration of credentials, unauthorized modification of data, and disruption of the database or destruction of logs. A breach of a credential store may constitute a notifiable personal data breach under GDPR, on top of operational downtime and reputational damage. Finance, healthcare, government and critical infrastructure operators that centralize access management in Devolutions Server are the most exposed. The record does not state whether exploitation requires authentication, so the required access should not be assumed to be higher than that of an ordinary user of the last usage logs feature. The absence of known exploits at publication is a window for patching, not a reason to defer it: injection flaws in a product with this role attract attention quickly.

Mitigation Recommendations

1. Upgrade to a release later than 2025.2.20 on the 2025.2 branch or later than 2025.3.8 on the 2025.3 branch, as directed by Devolutions' advisory and release notes, and confirm the installed version afterwards.
2. Until the upgrade is done, restrict access to the Devolutions Server web interface and API to trusted networks (VPN, zero-trust access, source IP allow-lists) and limit which roles can use reporting features, including last usage logs.
3. Run Devolutions Server's database connection under a least-privilege Microsoft SQL Server login: no sysadmin membership, no access to xp_cmdshell, only the permissions the product documents as required, so an injection cannot be turned into code execution on the database host.
4. Enable SQL Server auditing (or an Extended Events session) for the application login and alert on syntax errors, UNION or WAITFOR keywords, and queries that do not match the application's normal shapes.
5. Review web server and reverse proxy logs for injection indicators in parameters sent to the last usage logs endpoints (a quote followed by OR or UNION, comment sequences, WAITFOR DELAY) and treat hits as incidents: identify the account that issued them rather than only blocking the source.
6. Put a WAF or reverse proxy with SQL injection rules in front of the server as a stop-gap, understanding that encoding variations get past signature rules and that it does not replace the patch.
7. If logs show exploitation attempts before the patch was applied, rotate the secrets stored in the vault, since a successful injection could have read them.
8. Include injection testing of Devolutions Server endpoints in regular assessments and penetration tests.
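As an added example, not part of this record and not a Devolutions artifact: the scanner below runs over constructed web server log lines in a simplified W3C/IIS layout, decodes each query-string parameter, and flags the injection indicators a reviewer would look for in traffic aimed at a logs endpoint. The /api/usage/last path and the username parameter are assumptions for illustration, not real Devolutions Server endpoints. A bare apostrophe is deliberately not an indicator, so a name like o'brien does not raise an alert.

```python
import re
from urllib.parse import parse_qsl

# Constructed log excerpt in a simplified W3C/IIS layout:
#   date time method uri-stem uri-query status
# The /api/usage/last path and "username" parameter are assumptions for
# illustration, not real Devolutions Server endpoints.
SAMPLE_LOG = """\
2025-11-27 15:30:01 GET /api/usage/last username=alice 200
2025-11-27 15:30:05 GET /api/usage/last username=alice%27+OR+%271%27%3D%271 200
2025-11-27 15:30:09 GET /api/usage/last username=x%27+UNION+SELECT+name%2Csecret+FROM+credentials-- 500
2025-11-27 15:30:12 GET /api/usage/last username=bob%27%3BWAITFOR+DELAY+%270%3A0%3A5%27-- 200
2025-11-27 15:31:00 GET /api/usage/last username=o%27brien 200
"""

# Indicators are checked on the *decoded* parameter value, so URL encoding of
# quotes and spaces does not hide them. A lone apostrophe is not an indicator.
INDICATORS = [
    (re.compile(r"'\s*(?:or|and)\s+['\d]", re.I), "boolean tautology"),
    (re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I), "union-based read"),
    (re.compile(r"\bwaitfor\s+delay\b|\bsleep\s*\(|\bpg_sleep\b", re.I), "time-based probe"),
    (re.compile(r"--|/\*|;\s*\w", re.I), "comment or stacked statement"),
]


def classify_value(value):
    """Return the indicator names that match one decoded parameter value."""
    return [label for pattern, label in INDICATORS if pattern.search(value)]


def scan_log(text):
    """Parse each log line, decode its query string and flag suspicious values."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # malformed line; a real pipeline would count these
        date, time, method, stem, query, status = parts
        # parse_qsl handles %XX and '+' decoding for every parameter.
        for param, value in parse_qsl(query, keep_blank_values=True):
            reasons = classify_value(value)
            if reasons:
                hits.append({
                    "time": f"{date} {time}",
                    "path": stem,
                    "param": param,
                    "value": value,
                    "status": int(status),
                    "reasons": reasons,
                })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["time"], hit["path"], hit["param"], repr(hit["value"]), hit["reasons"])
```

A 500 response paired with a UNION payload is the combination worth escalating first: it suggests the injected statement reached the database and failed on column count or type, which is exactly the probing an attacker does before a working read.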


Technical Details

Data Version
5.2
Assigner Short Name
DEVOLUTIONS
Date Reserved
2025-11-26T20:34:33.909Z
Cvss Version
null
State
PUBLISHED

Threat ID: 69287327a95a569c55dd13ea

Added to database: 11/27/2025, 3:49:59 PM

Last enriched: 11/27/2025, 4:01:50 PM

Last updated: 11/27/2025, 6:03:52 PM

