Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

ConnectWise Patches Critical Flaw in Automate RMM Tool

Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations.

ConnectWise vulnerability

ConnectWise has rolled out patches for two vulnerabilities in the Automate remote monitoring and management (RMM) tool that could allow attackers to perform man-in-the-middle (MiTM) attacks.

Automate is an RMM tool for enterprises and managed service providers (MSPs) that allows organizations to identify, monitor, and manage all connected devices on a network.

Last week, ConnectWise released Automate version 2025.9 with patches for CVE-2025-11492 (CVSS score of 9.6), a critical-severity bug that allows attackers to intercept sensitive information that was being transmitted in cleartext.

Additionally, the company warned of a high-severity flaw in the RMM software, tracked as CVE-2025-11493 (CVSS score of 8.8), and described as the lack of integrity checks when downloading code.

These vulnerabilities, ConnectWise says, “could expose agent communications and updates to interception or tampering if certain configurations are used.”

Essentially, because agents deployed on premises may be configured to use HTTP or encryption, an attacker with access to the network could view or modify traffic, the company says.

Advertisement. Scroll to continue reading.

A threat actor performing an MiTM attack could also replace updates with malicious ones, the company warns.

“Automate 2025.9 patch enforces HTTPS for all agent communications to mitigate these risks. Partners running on-prem servers should also ensure TLS 1.2 is enforced to maintain secure communications,” ConnectWise says.

The company has rated the vulnerabilities as ‘important’, as they could lead to data compromise but require additional access for successful exploitation.

However, it has also assigned them a ‘moderate’ priority, which it typically gives to security defects “that are either being targeted or have higher risk of being targeted by exploits in the wild.”

All organizations using on-premises ConnectWise Automate deployments are advised to update their installations as soon as possible.

Related: Gladinet Patches Exploited CentreStack Vulnerability

Related: Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks

Related: ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact

Related: High-Severity Vulnerabilities Patched by Fortinet and Ivanti

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.