What is it?
ConnectWise ScreenConnect provides remote support (remote control) to help you support your staff. Remote Control software is naturally an attractive target for cyber attackers.
ConnectWise ScreenConnect 25.7 and prior are affected by a bug in the server-side validation and integrity checking system.
This bug allows the installation of untrusted or arbitrary extensions.
Why is it a risk?
By installing arbitrary extensions, attackers may custom code on the server and access server configuration data.
The CVETodo link below provides more details.
ConnectWise rates this threat as CRITICAL risk.
How can you mitigate the risk?
ConnectWise provides a Security Patch for ScreenConnect (link below) to mitigate this risk.
Resources:
ConnectWise Security Patch
https://cvetodo.com/cve/CVE-2025-14265
