ConnectWise has released an update to address several vulnerabilities, one of which has been assigned a 9.6 severity rating (CVE-2025-11492).
This bug allows the cleartext transmission of sensitive information, and would make agents communicate over insecure HTTP channels, rather than encrypted HTTPS. This insecure communication could allow a malicious actor to carry out a Man-in-the-Middle (MiTM) attack, in which they adversary intercepts messages and steals or modifies the data within them.
ConnectWise explained that: “In on-prem environments, agents could be configured to use HTTP or rely on encryption, that could allow a network-based adversary to view or modify traffic or substitute malicious updates.”
The second vulnerability addressed in ConnectWise’s update, tracked as CVE-2025-11493, was assigned a CVSS of 8.8. When combined with the first security vulnerability, it would allow attackers to mimic a valid ConnectWise server and push malicious files. This is a particularly high risk for environments where on-prem servers are not set up to enforce TLS 1.2 or higher.
Both bugs affect Automate, an RMM tool that allows enterprises and MSPs to manage connected devices across their network. The service allows IT teams to manage endpoints, monitor and resolve user issues, as well as facilitate patch management.
Urgent Remediation Recommended
ConnectWise has marked the security update as moderate and has addressed both vulnerabilities in the 2025.9 update to its Automate platform, which enforces HTTPS for all agent communications to mitigate these risks.
All partners using ConnectWise Automate should update their platform as a matter of high priority, and partners running on-prem servers should also ensure TLS 1.2 is enforced to maintain secure communications.
