
CVE-2025-13757: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Devolutions Server

Severity: High
Published: Thu Nov 27 2025 (11/27/2025, 15:30:30 UTC)
Source: CVE Database V5
Vendor/Project: Devolutions
Product: Server

Description

SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.

AI-Powered Analysis

AI analysis last updated: 12/04/2025, 16:02:26 UTC

Technical Analysis

CVE-2025-13757 is a SQL injection vulnerability (CWE-89) in Devolutions Server, located in the component that records and displays last usage logs; the vendor's description names that component and nothing more specific. Input reaching a SQL statement there is not neutralized, so a caller who controls the value can change the structure of the statement rather than only the data it compares against. The affected ranges are releases through 2025.2.20 and through 2025.3.8. Because both ranges are bounded, the fix lives in a later release of each branch, and that is what to look for when remediating. The CVSS figure of 8.8 quoted in this analysis corresponds to a High rating, not Critical: the attack is reachable over the network and needs no user interaction, but it requires an authenticated account with low privileges (PR:L), so an attacker first needs a foothold as a Devolutions Server user. The high impact on confidentiality, integrity and availability follows from the class of flaw: injected SQL can read tables other than the log table, modify rows, and, depending on the permissions of the database account the application uses, disrupt the service. Note that the CVE record fields reproduced below list the CVSS version as null, so confirm the score and vector against the vendor advisory before using them in a risk rating. No public exploit was known at the time of analysis, and nothing on this page supports a claim that exploitation is trivial; what makes the issue serious is the asset. Devolutions Server is a remote connection and credential management product, so its database holds exactly the material an attacker wants for lateral movement and exfiltration.
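To make the vulnerability class concrete, here is an added example (not Devolutions' code; the product's real schema, query and endpoint are not disclosed in the advisory) that queries a constructed "last usage" table two ways in Python against an in-memory SQLite database: once by formatting the filter into the statement, once with bound parameters. The table, column and function names and the two payloads are assumptions made for this example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for a last-usage log table.
    Schema, column names and rows are assumptions for this example,
    not Devolutions Server's real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE last_usage ("
        "id INTEGER PRIMARY KEY, username TEXT, entry_name TEXT, used_at TEXT)"
    )
    conn.executemany(
        "INSERT INTO last_usage (username, entry_name, used_at) VALUES (?, ?, ?)",
        [
            ("alice", "prod-db-admin", "2025-11-20T09:00:00Z"),
            ("alice", "vpn-gateway", "2025-11-21T10:30:00Z"),
            ("bob", "hr-fileshare", "2025-11-22T11:15:00Z"),
        ],
    )
    conn.commit()
    return conn


def last_usage_vulnerable(conn, username, entry_filter):
    """CWE-89 pattern: user input is formatted straight into the statement.
    The WHERE clause is meant to scope results to one user, but a filter
    value containing a quote lets the caller rewrite the clause."""
    sql = (
        "SELECT username, entry_name, used_at FROM last_usage "
        f"WHERE username = '{username}' AND entry_name LIKE '%{entry_filter}%'"
    )
    return conn.execute(sql).fetchall()


def last_usage_fixed(conn, username, entry_filter):
    """Hardened form: the same query with bound parameters. The driver sends
    the filter as data, so quotes and comment markers cannot change the SQL."""
    sql = (
        "SELECT username, entry_name, used_at FROM last_usage "
        "WHERE username = ? AND entry_name LIKE '%' || ? || '%'"
    )
    return conn.execute(sql, (username, entry_filter)).fetchall()


# Two payloads a low-privileged user could submit as the filter value.
BYPASS_SCOPE = "' OR 1=1 --"  # widens the WHERE clause to every user's rows
DUMP_SCHEMA = "' UNION SELECT name, sql, '' FROM sqlite_master --"  # reads another table


def demo():
    """Run both query styles against the sample data and return the outcomes."""
    conn = make_db()
    return {
        "vuln_scoped": len(last_usage_vulnerable(conn, "bob", "")),
        "vuln_bypass": len(last_usage_vulnerable(conn, "bob", BYPASS_SCOPE)),
        "vuln_union": [r[0] for r in last_usage_vulnerable(conn, "bob", DUMP_SCHEMA)],
        "fixed_bypass": len(last_usage_fixed(conn, "bob", BYPASS_SCOPE)),
        "fixed_normal": len(last_usage_fixed(conn, "alice", "vpn")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the formatted query, bob's "filter" of `' OR 1=1 --` returns all three rows instead of his one, and the UNION payload pulls the schema out of sqlite_master through the same result set, which is the confidentiality impact the CVSS vector describes. The parameterized version returns nothing for the bypass payload because the quote and comment marker never reach the SQL parser as syntax.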

Potential Impact

For European organizations the impact follows from what the product stores. Devolutions Server is deployed in enterprises as a central point for remote access and credential management, so its database contains usage and session records, entry configuration and sensitive credential data. SQL executed in that database by an attacker who already holds a low-privileged account can expose data belonging to other users or vaults, which supports lateral movement into the systems those credentials protect. Write access lets the attacker alter rows, including the usage logs themselves, which undermines forensic reconstruction and compliance reporting. Availability suffers if injected statements lock or damage tables or exhaust the database. Sectors that depend on audited privileged access, such as finance, healthcare, government and critical infrastructure, carry the greatest exposure, and a confirmed compromise of credential data will in many cases be a reportable personal data breach under GDPR, with the regulatory and reputational consequences that follow. Nothing on this page ties the CVE to ransomware or to known post-exploitation tooling; the realistic escalation path is misuse of whatever the database reveals, including changes to accounts or permissions stored there.

Mitigation Recommendations

Inventory Devolutions Server deployments and record the exact version of each. The affected ranges end at 2025.2.20 and 2025.3.8, so the fix is a later release in the same branch; check the vendor advisory for the release that closes this CVE and upgrade test and production instances on a short schedule. Where an upgrade has to wait, reduce who can reach the server: restrict the web interface to administrative networks or a VPN, and remove or disable accounts that do not need access, since the flaw requires an authenticated, low-privileged user. Review the database login the server runs under; if it holds more than the application needs (a database-owner or server-administrator role, for example), injected statements inherit that power, so trim it to the minimum the vendor documents as required. A WAF rule set for SQL injection in front of the server can block crude payloads, but expect encoding and case variations and tune for false positives such as apostrophes in legitimate names. Monitor web server and database logs for request parameters carrying quotes, comment markers or UNION/SELECT fragments, and for unusual statements or result sizes on the database side. Have an incident response procedure ready that isolates the server, preserves database and web logs, and, if exploitation is confirmed, treats credentials stored in the vault as potentially exposed and rotates them. The underlying fix, parameterized queries in the affected component, is the vendor's to make; customers cannot patch the application themselves, which is why upgrading is the only complete remediation.
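As a starting point for the log monitoring recommended above, here is added example code (not from Devolutions or any WAF vendor) that scans constructed access-log lines for SQL injection markers in decoded query parameters. The endpoint /api/usage/last, the parameter names and the log format are assumptions; the advisory does not disclose the real request shape, so point the scanner at the actual request logs for the last usage feature once you have identified its endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines in a minimal "METHOD PATH STATUS" form.
# The endpoint /api/usage/last and the parameter names are assumptions for
# this example; the advisory does not disclose the real request shape.
SAMPLE_LOG = """\
GET /api/usage/last?entry=vpn&user=alice 200
GET /api/usage/last?entry=%27%20OR%201%3D1%20--&user=bob 200
GET /api/usage/last?entry=%2527%2520UNION%2520SELECT%2520name%2C%2520sql%2520FROM%2520sqlite_master%2520-- 200
GET /api/usage/last?entry=o'neill&user=carol 200
GET /api/entries/list?page=2 200
"""

# Ordered signatures; the first one that matches a parameter labels the finding.
SQLI_PATTERNS = [
    ("quote-then-boolean", re.compile(r"'\s*(or|and)\s+[^\s=]+\s*=")),
    ("union-select", re.compile(r"\bunion\b.{0,20}\bselect\b")),
    ("comment-terminator", re.compile(r"(--|/\*)\s*$")),
    ("stacked-query", re.compile(r";\s*(select|insert|update|delete|drop|exec)\b")),
]


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (double encoding is a common filter bypass),
    then lowercase and collapse whitespace so the patterns see roughly the form
    the database would see."""
    decoded = value
    for _ in range(max_rounds):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return re.sub(r"\s+", " ", decoded.lower()).strip()


def scan_request(path_with_query: str) -> list[tuple[str, str]]:
    """Return (parameter name, signature label) for each suspicious parameter."""
    findings = []
    query = urlsplit(path_with_query).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        norm = normalize(raw)
        for label, pattern in SQLI_PATTERNS:
            if pattern.search(norm):
                findings.append((name, label))
                break
    return findings


def scan_log(text: str) -> list[tuple[int, str, str]]:
    """Scan each log line; return (line number, parameter, label) hits."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 2:
            continue
        for name, label in scan_request(fields[1]):
            hits.append((lineno, name, label))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

On the sample lines it flags the boolean bypass on line 2 and the double-encoded UNION on line 3, and leaves the apostrophe in `o'neill` alone, which is the false-positive case a rule needs to survive in a product where entry and user names are free text. Signature matching of this kind catches crude attempts and gives a trigger for investigation; it does not replace the upgrade, because an attacker who knows the target can shape payloads around any fixed pattern list.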


Technical Details

Data Version
5.2
Assigner Short Name
DEVOLUTIONS
Date Reserved
2025-11-26T20:34:33.909Z
Cvss Version
null
State
PUBLISHED

Threat ID: 69287327a95a569c55dd13ea

Added to database: 11/27/2025, 3:49:59 PM

Last enriched: 12/4/2025, 4:02:26 PM

Last updated: 1/10/2026, 10:29:11 PM
