Saturday, October 25, 2025

ConnectWise fixes Automate bug allowing AiTM update attacks

ConnectWise released a security update to address vulnerabilities, one of them of critical severity, in its Automate product that could expose sensitive communications to interception and modification.

ConnectWise Automate is a remote monitoring and management (RMM) platform used by managed service providers (MSPs), IT service companies, and internal IT departments in large enterprises.

In typical deployments, it acts as a central management hub with high privileges to control thousands of client machines.

The most severe flaw the vendor fixed is tracked as CVE-2025-11492. With a severity rating of 9.6, the vulnerability allows cleartext transmission of sensitive information.

Specifically, agents can be configured to communicate over insecure HTTP instead of encrypted HTTPS, which could be exploited in adversary-in-the-middle (AitM) attacks to intercept or modify the traffic, including commands, credentials, and update payloads.

“In on-prem environments, agents can be configured to use HTTP or rely on encryption, which could allow a network-based adversary to view or modify traffic or substitute malicious updates,” ConnectWise explains.

The second vulnerability is identified as CVE-2025-11493 (8.8 severity score) and consists of a lack of integrity verification (checksum or digital signature) for update packages, including their dependencies and integrations.

By combining the two security issues, an attacker could push malicious files (e.g. malware, updates) as legitimate ones by impersonating a valid ConnectWise server.
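The two conditions described above (plaintext agent transport and an update package accepted without a checksum or signature check) are exactly what a hardened agent-side update path has to refuse. The following is an added illustration written for this article, not ConnectWise code; the package bytes, manifest, function names and URLs are constructed for the example.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed sample: the bytes of a legitimate update package and a pinned
# manifest (package name -> expected SHA-256) that the agent already trusts,
# e.g. shipped with the agent or obtained over a separately authenticated channel.
GOOD_PACKAGE = b"automate-agent-update 2025.9 (constructed sample payload)"
PINNED_MANIFEST = {
    "agent-update.bin": hashlib.sha256(GOOD_PACKAGE).hexdigest(),
}


def check_transport(server_url: str) -> list[str]:
    """Flag the CVE-2025-11492 condition: an agent reaching its server over plaintext HTTP.
    Returns a list of findings; an empty list means the transport is acceptable."""
    findings = []
    scheme = urlparse(server_url).scheme.lower()
    if scheme != "https":
        findings.append(f"insecure transport scheme '{scheme}' for {server_url}")
    return findings


def verify_update(name: str, package: bytes, manifest: dict) -> tuple[bool, str]:
    """The integrity check that CVE-2025-11493 describes as missing: compare the
    downloaded package's SHA-256 against the pinned manifest before installing."""
    expected = manifest.get(name)
    if expected is None:
        return False, "no pinned digest for package"
    actual = hashlib.sha256(package).hexdigest()
    # constant-time comparison, so the check does not leak how much of the digest matched
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch"
    return True, "ok"


def gate_install(server_url: str, name: str, package: bytes, manifest: dict) -> list[str]:
    """Combine both checks; an empty list means the update may be installed.
    A tampered package served by an impersonated server fails here even if the
    attacker controls the transport, because the digest is pinned out of band."""
    problems = check_transport(server_url)
    ok, reason = verify_update(name, package, manifest)
    if not ok:
        problems.append(f"integrity check failed: {reason}")
    return problems


if __name__ == "__main__":
    tampered = GOOD_PACKAGE.replace(b"2025.9", b"2025.9-evil")  # constructed AitM substitution
    print(gate_install("https://automate.example.internal", "agent-update.bin", GOOD_PACKAGE, PINNED_MANIFEST))
    print(gate_install("http://automate.example.internal", "agent-update.bin", tampered, PINNED_MANIFEST))
```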

ConnectWise marks the security update as a moderate priority. The company has addressed both issues for cloud-based instances, which have been updated to the latest Automate release, 2025.9.

The vendor’s recommendation for administrators of on-premise deployments is to take action and install the new release as soon as possible (within days).

The security bulletin does not mention active exploitation, but warns that the vulnerabilities “have higher risk of being targeted by exploits in the wild.”

Threat actors have leveraged critical-severity flaws in ConnectWise products in the past. Earlier this year, nation-state actors breached the company’s environment directly, with the attack impacting a number of ScreenConnect customers downstream.

The incident forced the vendor to rotate all digital code signing certificates with which it verified executables for a number of products, to mitigate the risk of misuse.
