ConnectWise Automate cleartext transmission flaw (CVE-2025-11492)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-11492 in ConnectWise Automate exposes sensitive agent traffic over HTTP, creating adversary-in-the-middle risk for commands, credentials, and update payloads. The flaw is rated 9.6 severity and affects deployments where management traffic is not protected by HTTPS. A security update is available, and on-premise administrators are urged to install the new release within days.
Related Happenings
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
First: 20.02.2026 19:02
Last: 20.02.2026 19:02
Sources 1
About this happening:
CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/MitigationAbout this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
IBM API Connect CVE-2025-13915 mitigation guidance
Advisory/Mitigation
First: 31.12.2025 12:34
Last: 31.12.2025 12:34
Sources 1
About this happening:
**IBM** told customers to upgrade **IBM API Connect** to address **CVE-2025-13915**, a **critical authentication bypass** that can let **unauthenticated attackers** reach exposed...
IBM API Connect CVE-2025-13915 mitigation guidance
Advisory/MitigationAbout this happening: **IBM** told customers to upgrade **IBM API Connect** to address **CVE-2025-13915**, a **critical authentication bypass** that can let **unauthenticated attackers** reach exposed...
WatchGuard Fireware OS CVE-2025-9242 advisory and temporary workaround
Advisory/Mitigation
First: 21.10.2025 13:42
Last: 21.10.2025 13:42
Sources 1
About this happening:
WatchGuard issued a **security advisory** for **Firebox** and **Fireware OS** deployments affected by **CVE-2025-9242**, adding a **temporary workaround** for sites that cannot up...
WatchGuard Fireware OS CVE-2025-9242 advisory and temporary workaround
Advisory/MitigationAbout this happening: WatchGuard issued a **security advisory** for **Firebox** and **Fireware OS** deployments affected by **CVE-2025-9242**, adding a **temporary workaround** for sites that cannot up...
ConnectWise Automate code-download integrity flaw (CVE-2025-11493)
Vulnerability
First: 20.10.2025 15:31
Last: 20.10.2025 15:31
Sources 1
About this happening:
**ConnectWise Automate**'s **CVE-2025-11493** weakens code-download integrity in **RMM deployments**, creating risk that attackers can tamper with downloaded code and push malicio...
ConnectWise Automate code-download integrity flaw (CVE-2025-11493)
VulnerabilityAbout this happening: **ConnectWise Automate**'s **CVE-2025-11493** weakens code-download integrity in **RMM deployments**, creating risk that attackers can tamper with downloaded code and push malicio...
Timeline
-
17.10.2025 22:29 2 articles · 7mo ago
ConnectWise releases Automate security update
Mitigation Patch UpdateConnectWise released a security update for ConnectWise Automate to address CVE-2025-11492 (severity 9.6) and CVE-2025-11493 (severity 8.8). CVE-2025-11492 could expose sensitive agent traffic sent over HTTP instead of HTTPS, enabling adversary-in-the-middle interception or modification of commands, credentials, and update payloads, while CVE-2025-11493 lacked checksum or digital signature verification for update packages and related dependencies and integrations. ConnectWise said cloud-based instances were updated to Automate 2025.9 and advised on-premise administrators to install the new release within days because the flaws could be targeted in the wild.
Show sources
- ConnectWise fixes Automate bug allowing AiTM update attacks — www.bleepingcomputer.com — 17.10.2025 22:29
- ConnectWise fixes Automate bug allowing AiTM update attacks — www.bleepingcomputer.com — 17.10.2025 22:29