CVE-2025-3768 is a medium-severity vulnerability classified under CWE-284 (Improper Access Control) affecting Devolutions Server versions 2025.1.10.0 and earlier. The vulnerability arises from improper access control in the Tor network blocking feature. Specifically, when the Devolutions hosted endpoint is unreachable, an authenticated user with low privileges can bypass the Tor blocking mechanism. This means that the intended restriction to prevent connections via the Tor network can be circumvented by an authenticated user if the server cannot reach its hosted endpoint, potentially allowing unauthorized or less restricted access through Tor. The vulnerability requires authentication but no user interaction beyond that, and the attack vector is network-based. The CVSS v3.1 score is 5.0 (medium), reflecting limited confidentiality, integrity, and availability impacts, with a higher attack complexity due to the need for authentication and the specific condition of the hosted endpoint being unreachable. No known exploits are reported in the wild, and no patches have been linked yet, indicating that mitigation may currently rely on configuration or monitoring.

For European organizations using Devolutions Server, especially those relying on the Tor blocking feature for security or compliance reasons, this vulnerability could undermine network access controls. Attackers or malicious insiders with valid credentials could bypass restrictions designed to block Tor traffic, potentially enabling anonymized access to sensitive systems or data. This could facilitate unauthorized data access, lateral movement, or evasion of network monitoring and logging controls. While the impact on confidentiality, integrity, and availability is rated low to medium, the ability to circumvent access controls could be leveraged in multi-stage attacks or insider threat scenarios. Organizations in regulated sectors such as finance, healthcare, or government, where anonymized access is a concern, may face increased risk. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as the vulnerability is publicly disclosed.

1. Monitor network traffic for unusual Tor-related connections, especially from authenticated users, to detect potential bypass attempts. 2. Restrict authentication to Devolutions Server to trusted personnel and enforce strong authentication mechanisms (e.g., MFA) to reduce risk from low-privilege users. 3. Ensure high availability and connectivity to the Devolutions hosted endpoint to prevent the condition where the Tor blocking feature can be bypassed. 4. Implement additional network-level Tor blocking or detection controls outside of Devolutions Server to provide defense in depth. 5. Regularly review and audit access logs for signs of Tor usage or access control bypass. 6. Stay updated with Devolutions for patches or official mitigations and apply them promptly once available. 7. Consider isolating critical systems or sensitive data behind additional access controls that do not rely solely on the Tor blocking feature.