ConnectWise released a critical security update for its Automate platform on October 16, 2025. The patch, version 2025.9, addresses serious flaws in agent communications that could let attackers intercept sensitive data or push malicious software updates.
These vulnerabilities primarily affect on-premises installations, where misconfigurations might expose systems to network-based exploits.
The issues stem from environments where agents rely on unencrypted HTTP traffic or outdated encryption protocols.
A nearby adversary, perhaps on the same local network, could eavesdrop on transmissions or tamper with update downloads, potentially leading to data breaches or full system compromise.
ConnectWise classified the flaws as “Important” in severity, with a moderate priority rating of 2, signaling that while not immediately catastrophic, they warrant swift action due to the risk of real-world targeting.
ConnectWise Vulnerabilities
At the heart of the update are two specific vulnerabilities, detailed below in a breakdown of their technical attributes. Both require adjacent network access but could enable high-impact attacks without user interaction.
| CVE ID | CWE ID | Description | Base Score | Vector (CVSS:3.1) |
|---|---|---|---|---|
| CVE-2025-11492 | CWE-319 | Cleartext Transmission of Sensitive Information | 9.6 | AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE-2025-11493 | CWE-494 | Download of Code Without Integrity Check | 8.8 | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
The first CVE involves transmitting sensitive agent data in plain text, earning a near-perfect score for its potential to leak credentials or operational details across a scope-expanding attack surface.
The second flaw allows code downloads without verifying integrity, opening the door for attackers to substitute legitimate updates with malware.
Affected versions include all prior to 2025.9, impacting thousands of IT service providers who use ConnectWise Automate for remote management.
Remediation is straightforward but urgent. For cloud-hosted instances, ConnectWise has already rolled out the 2025.9 update automatically, ensuring minimal disruption.
On-premises users must manually apply the patch, which enforces HTTPS for all agent interactions and recommends enabling TLS 1.2 to prevent downgrade attacks.
Security experts urge immediate compliance, especially in multi-tenant setups where one compromised agent could ripple across client networks.
This release underscores the ongoing cat-and-mouse game in endpoint management security. As remote work persists, tools like ConnectWise Automate remain prime targets for supply-chain-style assaults.
Organizations should audit their configurations post-update to verify encrypted channels and monitor for anomalous traffic. With exploits potentially emerging soon, delaying the fix could invite unnecessary risks in an already volatile threat landscape.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
