ConnectWise Resolves Automate Vulnerability to Guard Against AiTM Update Attacks

ConnectWise Addresses Critical Vulnerabilities in Automate Product

ConnectWise has recently released a security update to rectify vulnerabilities, including one with critical severity, in its Automate product. These vulnerabilities posed a risk of exposing sensitive communications to interception and modification.

ConnectWise Automate serves as a remote monitoring and management (RMM) platform utilized by managed service providers (MSPs), IT service companies, and internal IT departments within large enterprises. It functions as a central management hub with elevated privileges to oversee numerous client machines.

The most severe vulnerability that ConnectWise addressed, known as CVE-2025-11492 with a severity rating of 9.6, allowed for the cleartext transmission of sensitive information. This flaw permitted agents to communicate over insecure HTTP instead of encrypted HTTPS, potentially enabling adversary-in-the-middle (AitM) attacks to intercept or modify traffic, including commands, credentials, and update payloads.

Another vulnerability, identified as CVE-2025-11493 with an 8.8 severity score, involved a lack of integrity verification for update packages, their dependencies, and integrations. By exploiting these security issues in tandem, an attacker could maliciously push files as legitimate ones by impersonating a valid ConnectWise server.

ConnectWise has categorized the security update as a moderate priority. While cloud-based instances have already been updated to the latest Automate release, 2025.9, administrators of on-premise deployments are advised to promptly install the new release to mitigate potential risks.

Although there is no mention of active exploitation in the security bulletin, ConnectWise warns that the vulnerabilities present a higher risk of being targeted by exploits in the wild. Notably, threat actors have previously exploited critical-severity flaws in ConnectWise products, prompting the company to undertake measures such as rotating digital code signing certificates to enhance security.

Picus Blue Report 2025 Highlights Password Security Concerns