Critical ConnectWise Flaws Enable Malicious Update Injections

ConnectWise has urgently released a security update for its flagship remote monitoring and management platform, ConnectWise Automate, addressing two critical flaws that could expose agent communications and software updates to interception or malicious tampering.

The vulnerabilities, tracked as CVE-2025-11492 and CVE-2025-11493, carry high CVSS 3.1 scores of 9.6 and 8.8 respectively, signaling the potential for devastating impact if exploited.

Agents at Risk Through Cleartext Channels

In on-premises deployments of ConnectWise Automate versions prior to 2025.9, agents could be configured to use unencrypted HTTP channels or rely on weaker encryption settings.

This configuration opens the door for network-based adversaries to eavesdrop on sensitive data, modify in-transit traffic, or even inject unauthorized updates into the communication stream.

The more severe of these flaws, CVE-2025-11492 (CWE-319), allows attackers to view or alter agent communications without user interaction, leading to complete compromise of confidentiality, integrity, and availability.

• Unencrypted HTTP channels expose agent traffic to interception.
• Weak or misconfigured encryption allows man-in-the-middle attacks.
• Attackers can inject or tamper with updates unnoticed.

Code Integrity Bypass Enables Malicious Updates

The second vulnerability, CVE-2025-11493 (CWE-494), arises from the lack of integrity validation when agents download code updates.

Without strong integrity checks in place, threat actors could exploit man-in-the-middle positions to deliver and execute malicious payloads under the guise of legitimate software updates.

This loophole carries significant risk: by substituting harmful code, attackers could establish persistent footholds within corporate networks and evade traditional security controls.

• No integrity verification on downloaded update packages.
• Attackers can substitute malicious binaries during transit.
• Successful exploitation grants persistent network access.

Enforcing HTTPS and TLS 1.2 for Mitigation

To remediate these risks, ConnectWise Automate 2025.9 now enforces HTTPS for all agent communications, ensuring that data in transit is protected by robust encryption.

According to the report, Partners operating on-prem servers must update to version 2025.9 without delay and verify that Transport Layer Security (TLS) 1.2 is strictly enforced. Cloud customers have already received the patched version automatically.

Despite being classified as “Important” with a “Moderate” priority rating, these vulnerabilities pose a high practical risk—exploitable without authorization and likely to attract real-world attacks.

Organizations are advised to schedule the update as an emergency change or implement it within days to avoid potential compromise.

Detailed instructions for applying the 2025.9 release can be found in the ConnectWise Automate Release Notes 2025.9 on the official documentation portal.

Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates

The post Critical ConnectWise Flaws Enable Malicious Update Injections appeared first on Cyber Security News.