On October 16, 2025, ConnectWise released a critical security update for its Automate platform, addressing severe vulnerabilities that could allow attackers to intercept sensitive data or inject malicious software updates. The patch, designated as version 2025.9, is crucial for safeguarding systems against potential exploits.
Understanding the Vulnerabilities
The identified vulnerabilities primarily affect on-premises installations, particularly those with misconfigurations that expose systems to network-based attacks. These issues arise in environments where agents utilize unencrypted HTTP traffic or outdated encryption protocols, creating opportunities for adversaries to exploit these weaknesses.
An attacker with access to the same local network could eavesdrop on communications or manipulate update downloads, potentially leading to data breaches or complete system compromise. ConnectWise has classified these flaws as Important with a moderate priority rating of 2, indicating that while they may not be immediately catastrophic, prompt action is necessary due to the risk of real-world exploitation.
Technical Breakdown of the Vulnerabilities
The update addresses two specific vulnerabilities, each requiring adjacent network access and capable of enabling high-impact attacks without user interaction:
1. CVE-2025-11492 (CWE-319: Cleartext Transmission of Sensitive Information)
– Base Score: 9.6
– Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
– Description: This vulnerability involves the transmission of sensitive agent data in plaintext, posing a significant risk of credential or operational detail leakage across an expanded attack surface.
2. CVE-2025-11493 (CWE-494: Download of Code Without Integrity Check)
– Base Score: 8.8
– Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
– Description: This flaw allows for code downloads without verifying their integrity, enabling attackers to replace legitimate updates with malicious software.
These vulnerabilities affect all versions prior to 2025.9, impacting numerous IT service providers who rely on ConnectWise Automate for remote management.
Remediation Steps
For cloud-hosted instances, ConnectWise has automatically deployed the 2025.9 update, ensuring minimal disruption. On-premises users must manually apply the patch, which enforces HTTPS for all agent interactions and recommends enabling TLS 1.2 to prevent downgrade attacks.
Security experts emphasize the urgency of applying this update, especially in multi-tenant environments where a single compromised agent could affect multiple client networks.
Broader Implications
This release highlights the ongoing challenges in endpoint management security. As remote work continues to be prevalent, tools like ConnectWise Automate remain attractive targets for supply-chain-style attacks.
Organizations are advised to audit their configurations post-update to ensure encrypted channels are in place and to monitor for any unusual traffic. Delaying the application of this fix could expose systems to unnecessary risks in an already volatile threat landscape.
