ConnectWise ScreenConnect patches critical code execution flaw
Take action: Not urgent, but important. If you use on-premises ConnectWise ScreenConnect, plan an upgrade to version 25.8. The flaw can only be triggered by users who already have admin access, so it's not immediately exploitable. But an admin account can be compromised, so remind your admins of the risks of infostealers and phishing.
Learn More
ConnectWise has released a security update for its ScreenConnect remote maintenance software to address a vulnerability that could allow authenticated attackers to execute arbitrary code on vulnerable servers.
The flaw is tracked as CVE-2025-14265 (CVSS score 9.1). It lies in the extension subsystem and enables attackers with authorized or administrative-level access to install and execute untrusted or malicious extensions. The issue affects the ScreenConnect server component; the host and guest clients are not affected by this particular vulnerability.
All ScreenConnect versions prior to 25.8 are affected. Despite the high CVSS score of 9.1, ConnectWise rates the priority as moderate (Priority 2), noting that exploitation requires the attacker to already possess authorized or administrative credentials.
ConnectWise released the 25.8 patch to fix this flaw and has automatically updated all cloud-hosted ScreenConnect servers in the "screenconnect.com" and "hostedrmm.com" domains. On-premises ScreenConnect partners must manually upgrade to version 25.8 or later and update their guest clients to the same version. For Automate on-premises partners with the ScreenConnect integration, administrators should first confirm that the Automate ScreenConnect Extension is updated to version 4.4.0.16 before upgrading the ScreenConnect server to version 25.8.
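The upgrade sequence above has three parts that are easy to get wrong across a fleet: the server must reach 25.8, guest clients must be brought to the same level, and Automate-integrated installs must update the extension to 4.4.0.16 first. The following is an added inventory check, not ConnectWise tooling; it assumes you have already collected version strings for each on-premises server out of band (the hostnames and versions below are constructed sample data) and reports what is still outstanding per host in the order the advisory prescribes.

```python
from dataclasses import dataclass, field
from typing import Optional

# Version thresholds taken from the advisory text.
PATCHED_SERVER = "25.8"              # fixed server release for CVE-2025-14265
AUTOMATE_EXTENSION_MIN = "4.4.0.16"  # required before a server upgrade on Automate installs


def parse_version(v: str) -> tuple:
    """Turn a dotted version string into a tuple of ints.

    Trailing non-numeric suffixes inside a segment (e.g. '1000-beta') are
    ignored so that build-tagged strings still compare sensibly.
    """
    parts = []
    for seg in v.strip().split("."):
        digits = ""
        for ch in seg:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_at_least(actual: str, required: str) -> bool:
    """True if `actual` >= `required`, padding shorter tuples with zeros
    so '25.8' and '25.8.0.0' are treated as equal."""
    a, r = parse_version(actual), parse_version(required)
    n = max(len(a), len(r))
    a = a + (0,) * (n - len(a))
    r = r + (0,) * (n - len(r))
    return a >= r


@dataclass
class ScreenConnectHost:
    """One on-premises server plus the guest client versions it serves.
    automate_extension_version is None when the Automate integration is not used."""
    name: str
    server_version: str
    guest_client_versions: list = field(default_factory=list)
    automate_extension_version: Optional[str] = None


def assess(host: ScreenConnectHost) -> dict:
    """Return the remediation steps still open for this host, in advisory order."""
    findings = []
    server_ok = version_at_least(host.server_version, PATCHED_SERVER)

    # Automate prerequisite comes first: only matters while the server upgrade is pending.
    if (not server_ok and host.automate_extension_version is not None
            and not version_at_least(host.automate_extension_version, AUTOMATE_EXTENSION_MIN)):
        findings.append(
            f"update Automate ScreenConnect Extension {host.automate_extension_version} "
            f"to {AUTOMATE_EXTENSION_MIN} before upgrading the server")

    if not server_ok:
        findings.append(f"upgrade server {host.server_version} to {PATCHED_SERVER} or later")

    # Guest clients are expected to match the patched server level.
    stale_guests = [g for g in host.guest_client_versions
                    if not version_at_least(g, PATCHED_SERVER)]
    if stale_guests:
        findings.append(f"update {len(stale_guests)} guest client(s) still below {PATCHED_SERVER}: "
                        + ", ".join(sorted(set(stale_guests))))

    return {"host": host.name, "remediated": not findings, "findings": findings}


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ScreenConnectHost("sc-prod-01", "25.7.1000", ["25.7.1000", "25.3.9"], "4.4.0.12"),
    ScreenConnectHost("sc-lab-01", "25.8.2.5", ["25.8.2.5"]),
    ScreenConnectHost("sc-dr-01", "25.8", ["25.3.9"]),
]


def run_report(inventory=SAMPLE_INVENTORY) -> list:
    """Assess every host and return the list of result dicts."""
    results = [assess(h) for h in inventory]
    for r in results:
        status = "OK" if r["remediated"] else "ACTION REQUIRED"
        print(f"{r['host']}: {status}")
        for f in r["findings"]:
            print(f"  - {f}")
    return results


if __name__ == "__main__":
    run_report()
```

Running the block prints one line per host followed by its open steps; the sample install `sc-prod-01` shows all three (extension first, then server, then guests), while a server that is already on 25.8 with lagging guests reports only the guest update.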