What vulnerabilities were discovered in ConnectWise Automate?

ConnectWise has released a security update to patch two vulnerabilities in ConnectWise Automate: CVE-2025-11492 (CVSS score 9.6), a Cleartext Transmission of Sensitive Information vulnerability, and CVE-2025-11493 (CVSS score 8.8), a Download of Code Without Integrity Check vulnerability. These flaws could allow network-based attackers to intercept, view, or modify agent communications and substitute malicious updates.

What is CVE-2025-11492?

CVE-2025-11492 is a critical vulnerability with a CVSS score of 9.6 involving Cleartext Transmission of Sensitive Information. This vulnerability allows adjacent network attackers to intercept sensitive communications transmitted without encryption, potentially exposing confidential client data, credentials, and system information. The flaw exists because agents in on-premises environments could be configured to communicate using unencrypted HTTP connections.

What is CVE-2025-11493?

CVE-2025-11493 is a high-severity vulnerability with a CVSS score of 8.8 involving Download of Code Without Integrity Check. This vulnerability enables attackers to substitute malicious code for legitimate agent updates due to insufficient integrity verification mechanisms. Without proper integrity checks, attackers can potentially deliver malware disguised as legitimate software updates.

What ConnectWise products are affected by these vulnerabilities?

ConnectWise Automate versions prior to 2025.9 are affected by both CVE-2025-11492 and CVE-2025-11493. The vulnerabilities impact on-premises deployments of ConnectWise Automate where agents could be configured to communicate without encryption or proper integrity verification.

What are the CVSS severity scores for the ConnectWise vulnerabilities?

CVE-2025-11492 has a CVSS score of 9.6, which is critical severity, and CVE-2025-11493 has a CVSS score of 8.8, which is high severity. The critical rating for CVE-2025-11492 reflects the serious risk of exposing sensitive data through unencrypted communications.

What can attackers do by exploiting these ConnectWise vulnerabilities?

Attackers exploiting CVE-2025-11492 can intercept sensitive communications transmitted without encryption, potentially exposing confidential client data, credentials, and system information. By exploiting CVE-2025-11493, attackers can substitute malicious code for legitimate agent updates, potentially delivering malware to managed systems. These vulnerabilities could allow network-based attackers to view, modify agent communications, and compromise managed endpoints.

Has ConnectWise patched these vulnerabilities?

Yes, ConnectWise has released a security update. ConnectWise Automate version 2025.9 and later versions are not vulnerable. Organizations using on-premise ConnectWise Automate should update to version 2025.9 or later. Organizations running cloud instances of ConnectWise Automate have already been automatically updated to the secure version.

What versions of ConnectWise Automate are vulnerable?

ConnectWise Automate versions prior to 2025.9 are affected by both CVE-2025-11492 and CVE-2025-11493. Version 2025.9 and later versions contain the security patches that address these vulnerabilities.

Are cloud instances of ConnectWise Automate affected?

Cloud instances of ConnectWise Automate were vulnerable but have already been automatically updated to the secure version by ConnectWise. Organizations running cloud instances do not need to take manual patching action, though they should verify the update was applied. The vulnerabilities primarily impact on-premises deployments that require manual updating.

What is the difference between how cloud and on-premise ConnectWise Automate users should respond?

Organizations running cloud instances of ConnectWise Automate have already been automatically updated to the secure version and do not need to take manual action. However, organizations using on-premise ConnectWise Automate must manually update to version 2025.9 or later and verify that TLS 1.2 or higher is enforced after updating to ensure proper encryption of agent communications.

What encryption should be enforced after updating ConnectWise Automate?

After updating on-premise ConnectWise Automate to version 2025.9 or later, organizations should verify that TLS 1.2 or higher is enforced. This ensures that all agent communications are properly encrypted and prevents the cleartext transmission vulnerability from being exploited.

Why are the ConnectWise Automate vulnerabilities considered serious?

The vulnerabilities are considered serious because CVE-2025-11492 with a CVSS score of 9.6 allows attackers to intercept unencrypted communications containing confidential client data, credentials, and system information. CVE-2025-11493 enables attackers to substitute malicious updates without detection due to lack of integrity verification. Together, these vulnerabilities could allow network-based attackers to compromise managed endpoints, steal sensitive data, and deploy malware across managed systems. ConnectWise Automate is widely used by managed service providers, making these vulnerabilities particularly impactful.

What type of attacker can exploit CVE-2025-11492?

CVE-2025-11492 can be exploited by adjacent network attackers, meaning attackers who have access to the same network segment as the vulnerable ConnectWise Automate agents. This could include attackers who have compromised other systems on the network or who have gained unauthorized network access. The vulnerability allows these attackers to intercept sensitive communications transmitted without encryption.

Advisory

ConnectWise Automate vulnerable to agent communication interception

Q: What should ConnectWise Automate users do about these vulnerabilities?

Organizations using on-premise ConnectWise Automate should immediately update to version 2025.9 or later and verify that TLS 1.2 or higher is enforced after updating. Organizations running cloud instances of ConnectWise Automate have already been automatically updated to the secure version and do not need to take manual action, though they should verify the update was applied.

published: Oct. 17, 2025

Take action: If you're running on-premises ConnectWise Automate (any version before 2025.9), plan an update to 2025.9 and then verify that TLS 1.2 or higher encryption is enforced for all agent communications. Otherwise, someone will find a way to inject malware in the packets reaching ConnectWise or the endpoints, and hack them.

Learn More

ConnectWise has released a security update for ConnectWise Automate to patch two vulnerabilities that could allow network-based attackers to intercept, view, or modify agent communications and substitute malicious updates.

ConnectWise Automate is a remote monitoring and management platform designed for managed service providers (MSPs) and IT professionals to remotely monitor, manage, and maintain client computers, servers, and networks from a centralized console.

The security flaws are caused by inadequate encryption requirements in previous versions of ConnectWise Automate. In on-premises environments, agents could be configured to communicate using unencrypted HTTP connections or could operate without encryption enforcement.

Vulnerabilities summary

CVE-2025-11492 (CVSS score 9.6): Cleartext Transmission of Sensitive Information - This critical vulnerability allows adjacent network attackers to intercept sensitive communications transmitted without encryption, potentially exposing confidential client data, credentials, and system information.
CVE-2025-11493 (CVSS score 8.8): Download of Code Without Integrity Check - This high-severity vulnerability enables attackers to substitute malicious code for legitimate agent updates due to insufficient integrity verification mechanisms.

ConnectWise Automate versions prior to 2025.9 are affected. Organizations using on-premise ConnectWise Automate should update and verify that TLS 1.2 or higher is enforced after updating. Organizations running cloud instances of ConnectWise Automate have already been automatically updated to the secure version.

ConnectWise Automate vulnerable to agent communication interception

Read More
Security Vulnerabilities in Xerox FreeFlow Core enable Server-Side …
Critical Plesk vulnerability enables privilege escalation, server compromise
Mailpit SSRF Vulnerability Exploited in Targeted Attacks
SolarWinds patches critical vulnerabilities in Serv-U
SAP February 2026 Updates Patch Critical CRM, S/4HANA …