
CVE-2025-5334: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor in Devolutions Remote Desktop Manager

Severity: High
Published: Thu May 29 2025 (05/29/2025, 14:47:25 UTC)
Source: CVE Database V5
Vendor/Project: Devolutions
Product: Remote Desktop Manager

Description

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.

This issue affects the following versions:

* Remote Desktop Manager Windows 2025.1.34.0 and earlier
* Remote Desktop Manager macOS 2025.1.16.3 and earlier
* Remote Desktop Manager Android 2025.1.3.3 and earlier
* Remote Desktop Manager iOS 2025.1.6.0 and earlier

AI-Powered Analysis

Last updated: 07/08/2025, 01:58:00 UTC

Technical Analysis

CVE-2025-5334 is a high-severity vulnerability affecting Devolutions Remote Desktop Manager (RDM) across multiple platforms including Windows (versions 2025.1.34.0 and earlier), macOS (2025.1.16.3 and earlier), Android (2025.1.3.3 and earlier), and iOS (2025.1.6.0 and earlier). The vulnerability stems from a flaw in the user vaults component, which is designed to securely store private personal information such as credentials and sensitive data. Under specific conditions, when users edit entries in their personal vaults, these entries may be unintentionally moved to shared vaults. Shared vaults are accessible by other users, thereby exposing private personal information to unauthorized actors within the same environment. This exposure violates confidentiality principles and could lead to unauthorized access to sensitive credentials or data. The vulnerability requires the attacker to be an authenticated user with the ability to edit vault entries, and user interaction is necessary to trigger the unintended movement of data. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the potential for significant confidentiality, integrity, and availability impacts. The vulnerability is classified under CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor) and CWE-200 (Information Exposure). No known exploits are currently reported in the wild, and no patches have been linked yet. The issue affects multiple operating systems, increasing the scope of impacted environments, especially in organizations relying on RDM for credential and session management.

Potential Impact

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of sensitive information managed within Remote Desktop Manager. Since RDM is widely used for managing remote connections and storing privileged credentials, unauthorized exposure of these credentials could lead to lateral movement within networks, privilege escalation, and potential data breaches. The inadvertent sharing of private vault entries could compromise user accounts and critical infrastructure access, undermining trust and compliance with data protection regulations such as GDPR. The impact extends beyond individual users to organizational security posture, potentially enabling attackers to gain footholds and access sensitive systems. Given the cross-platform nature of the vulnerability, organizations with diverse device ecosystems are particularly vulnerable. The requirement for authenticated access limits exploitation to insiders or compromised accounts, but the risk remains high in environments with multiple users sharing RDM infrastructure. The lack of known exploits suggests the vulnerability is not yet actively exploited, but the high severity score and nature of the flaw warrant immediate attention to prevent potential abuse.

Mitigation Recommendations

1. Immediate mitigation should include restricting edit permissions on user vault entries to only the most trusted users and limiting access to shared vaults to essential personnel.
2. Implement strict access controls and monitoring on RDM usage to detect unusual vault entry movements or access patterns.
3. Educate users about the risk of editing vault entries and encourage verification of vault locations after edits.
4. Until patches are available, consider segmenting RDM environments or using separate instances for sensitive user vaults to minimize cross-user exposure.
5. Regularly audit vault contents and access logs to identify any unauthorized data exposure.
6. Coordinate with Devolutions for timely updates and apply patches as soon as they are released.
7. Employ multi-factor authentication (MFA) for RDM access to reduce the risk of compromised accounts being used to exploit this vulnerability.
8. Review and update organizational policies on credential management and vault sharing to align with the principle of least privilege and data minimization.
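The monitoring and audit steps in recommendations 2 and 5 can be approximated by comparing two vault inventory snapshots taken before and after a period of editing. The following is an added example, not Devolutions code and not part of the original advisory; the CSV columns (`entry_id`, `vault_type`, `vault_name`, `owner`, `modified_by`) and all sample rows are constructed assumptions, not a documented RDM export format.

```python
import csv
import io

# Constructed sample data. The column names are assumptions for this example,
# not a documented Remote Desktop Manager export format.
BEFORE_CSV = """entry_id,name,vault_type,vault_name,owner
e-101,home-router,user,alice,alice
e-102,personal-vpn,user,bob,bob
e-201,prod-jumpbox,shared,Operations,carol
e-103,bank-portal,user,alice,alice
"""

AFTER_CSV = """entry_id,name,vault_type,vault_name,owner,modified_by
e-101,home-router,user,alice,alice,alice
e-102,personal-vpn,shared,Operations,bob,bob
e-201,prod-jumpbox,shared,Operations,carol,dave
e-103,bank-portal,shared,Helpdesk,alice,carol
"""


def load(text):
    """Index inventory rows by entry_id."""
    return {row["entry_id"]: row for row in csv.DictReader(io.StringIO(text))}


def find_leaked_entries(before_text, after_text):
    """Return entries that sat in a user vault in the earlier snapshot and
    sit in a shared vault in the later one."""
    before, after = load(before_text), load(after_text)
    findings = []
    for entry_id, old in sorted(before.items()):
        new = after.get(entry_id)
        if new is None or old["vault_type"] != "user":
            continue
        if new["vault_type"] == "shared":
            findings.append({
                "entry_id": entry_id,
                "name": new["name"],
                "from_vault": old["vault_name"],
                "to_vault": new["vault_name"],
                # The advisory's pattern: the move follows an edit by the owner.
                "owner_edit": new.get("modified_by") == old["owner"],
            })
    return findings


if __name__ == "__main__":
    for finding in find_leaked_entries(BEFORE_CSV, AFTER_CSV):
        print(finding)
```

Findings with `owner_edit` set to true match the circumstance in the description, where the owner's own edit precedes the move; the others are user-to-shared moves that still need review.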


Technical Details

Data Version: 5.1
Assigner Short Name: DEVOLUTIONS
Date Reserved: 2025-05-29T14:04:27.697Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68387633182aa0cae28217b4

Added to database: 5/29/2025, 2:58:59 PM

Last enriched: 7/8/2025, 1:58:00 AM

Last updated: 8/13/2025, 11:40:35 AM
