DEV Community

Cover image for CVE-2025-3935: ConnectWise ScreenConnect Improper Authentication Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2025-3935: ConnectWise ScreenConnect Improper Authentication Vulnerability

CVE ID

CVE-2025-3935

Vulnerability Name

ConnectWise ScreenConnect Improper Authentication Vulnerability

  • Project: ConnectWise
  • Product: ScreenConnect

Date

  • Date Added: 2025-06-02
  • Due Date: 2025-06-23

Description

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ; https://nvd.nist.gov/vuln/detail/CVE-2025-3935

Related Security News

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)