ConnectWise launched a safety replace to handle vulnerabilities, one in every of them with essential severity, in Automate product that would expose delicate communications to interception and modification.
ConnectWise Automate is a distant monitoring and administration (RMM) platform utilized by managed service suppliers (MSPs), IT service firms, and inner IT departments in giant enterprises.
In typical deployments, it acts as a central administration hub with excessive priviliges to manage hundreds of shopper machines.
Probably the most extreme flaw the seller fastened is tracked as CVE-2025-11492. With a severity score of 9.6, the vulnerability permits cleartext transmission of delicate data.
Particularly, brokers could possibly be configured to speak over the insecure HTTP as an alternative of the encrypted HTTPS, which could possibly be exploited in adversary-in-the-middle (AitM) assaults to intercept or modify the visitors, together with instructions, credentials, and replace payloads.
“In on-prem environments, brokers could possibly be configured to make use of HTTP or depend on encryption, that would permit a network-based adversary to view or modify visitors or substitute malicious updates,” ConnectWise explains.
The second vulnerability is recognized as CVE-2025-11493 (8.8 severity rating) and consists in an absence of integrity verification (checksum or digital signature) for replace packages together with their dependencies and integrations.
By combining the 2 safety points, an attacker may push malicious information (e.g. malware, updates) as professional ones by impersonating a legitimate ConnectWise server.
ConnectWise marks the safety replace as a reasonable precedence. The corporate has addressed each issues for cloud-based situations, which have been up to date to the newest Automate launch, 2025.9.
The seller’s advice for directors of on-premise deployments is to take motion and set up the brand new launch as quickly as attainable (inside days).
The safety bulletin doesn’t point out energetic exploitation, however warns that the vulnerabilities “have increased threat of being focused by exploits within the wild.”
Risk actors have leveraged critical-severity flaws in ConnectWise merchandise previously. Earlier this yr, nation-state actors breached the corporate’s atmosphere immediately, with the assault impacting quite a few ScreenConnect prospects downstreram.
The incident compelled the seller to rotate all digital code signing certificates with which it verified executables for a spread of merchandise, to mitigate the chance of misuse.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration developments.
