Critical Security Update issued for ConnectWise Automate: Protect Your Systems Now
ConnectWise has released a security update for its Automate remote monitoring and management (RMM) platform to address two significant vulnerabilities that could allow attackers to compromise your systems. These flaws, impacting both cloud and on-premise deployments, require immediate attention, particularly if you manage an on-premise installation.
Here’s a breakdown of the issues and what you need to do to protect your environment.
Understanding the vulnerabilities
The first vulnerability, identified as CVE-2025-11492, centers around insecure communication channels. It allows a network-based attacker to perhaps intercept or modify traffic, including sensitive commands, credentials, and update payloads. In on-premise environments, reliance on unencrypted HTTP or weak encryption could expose your Automate instance to this risk.
The second vulnerability, CVE-2025-11493 (severity score of 8.8), involves a lack of integrity verification for update packages. This means updates, along with thier associated dependencies and integrations, aren’t properly checked for tampering.
Combining these two vulnerabilities creates a hazardous scenario. An attacker could impersonate a legitimate ConnectWise server and deliver malicious files – such as malware disguised as legitimate updates – directly to your systems.
What’s Been Done & What You need To Do
ConnectWise has already addressed these vulnerabilities for all cloud-based instances, updating them to the latest Automate release (2025.9).
Though, if you are running an on-premise deployment, you must take action. ConnectWise recommends installing the new release as soon as possible – ideally within days. This is not a situation to delay.
While there’s currently no evidence of active exploitation, ConnectWise warns that these vulnerabilities pose a heightened risk of being targeted by attackers.
Why This Matters: A History of ConnectWise Security Incidents
This isn’t the first time ConnectWise products have been targeted. Previously, critical flaws in ScreenConnect were actively exploited. Earlier this year, a nation-state actor breached ConnectWise’s environment, impacting numerous ScreenConnect customers.
Following that breach, ConnectWise was forced to rotate all its digital code signing certificates to prevent misuse of legitimate software. This history underscores the importance of proactively addressing security vulnerabilities in ConnectWise products.
Key Takeaways & Recommendations
* Immediate action Required: if you use ConnectWise Automate on-premise, update to release 2025.9 immediately.
* Prioritize Updates: Regularly apply security updates to all your software, not just ConnectWise products.
* Network security: Ensure your network is properly segmented and secured to limit the impact of potential breaches.
* Stay Informed: Monitor security advisories from connectwise and other vendors to stay ahead of emerging threats.
* Consider Cloud Deployment: If feasible, migrating to a cloud-based deployment can offload some of the security burden to the vendor.
Protecting your systems requires vigilance and a proactive approach to security. don’t wait for an attack to happen - take action now to mitigate these vulnerabilities and safeguard your data.
