ConnectWise released updates to fix several security flaws impacting its Automate remote monitoring and management software, according to BleepingComputer.The most significant of the addressed vulnerabilities is a critical bug, tracked as CVE-2025-11492, which could be exploited to facilitate agent communications via insecure HTTP and subsequent adversary-in-the-middle attacks for traffic manipulation and payload updates.ConnectWise also patched a high-severity flaw tracked as CVE-2025-11493. Both security issues could be leveraged by threat actors to spoof legitimate ConnectWise servers and spread malicious updates and malware, noted ConnectWise.The company urged immediate installation of Automate version 2025.9 to mitigate the risks associated with both security issues.This action comes months after a limited number of organizations using the ConnectWise ScreenConnect RMM tool were compromised following the breach of ConnectWise's environment. ConnectWise promptly rotated all digital code signing certificates as a result of the incident.
Vulnerability Management, Channel technologies
ConnectWise Addresses Multiple Automate Vulnerabilities
Adobe Stock
You can skip this ad in 5 seconds