CVE ID
CVE-2025-3935
Vulnerability Name
ConnectWise ScreenConnect Improper Authentication Vulnerability
- Project: ConnectWise
- Product: ScreenConnect
Date
- Date Added: 2025-06-02
- Due Date: 2025-06-23
Description
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ; https://nvd.nist.gov/vuln/detail/CVE-2025-3935
Related Security News
- CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
- ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
- CISA warns of ConnectWise ScreenConnect bug exploited in attacks
Top comments (0)