ConnectWise Automate security update (CVE-2025-11492, CVE-2025-11493)
Security Patch Release
Summary
ConnectWise released a security update for Automate after fixing CVE-2025-11492 and CVE-2025-11493, closing flaws that could let attackers intercept or tamper with sensitive communications and update traffic. Cloud instances were already updated to Automate 2025.9, while on-prem deployments were told to install the new release as soon as possible. The bulletin did not mention active exploitation, but it warned the issues have a higher risk of being targeted by exploits in the wild.
Related Happenings
Drupal core security update for CVE-2026-9082
Security Patch Release
First: 22.05.2026 16:14
Last: 22.05.2026 16:14
Sources 1
About this happening:
**Drupal** released security updates for **CVE-2026-9082**, a highly critical SQL injection flaw affecting **PostgreSQL**-backed sites, and urged administrators to **upgrade immed...
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch Release
First: 22.05.2026 11:19
Last: 22.05.2026 11:19
Sources 1
About this happening:
**TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
First: 22.05.2026 08:36
Last: 22.05.2026 08:36
Sources 1
About this happening:
Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Cisco security patch release for CVE-2026-20182
Security Patch Release
First: 14.05.2026 20:45
Last: 14.05.2026 20:45
Sources 1
About this happening:
Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Timeline
- 17.10.2025 22:29 · 3 articles · 7mo ago
ConnectWise releases Automate security update
Mitigation Patch Update
ConnectWise released a security update for ConnectWise Automate to fix CVE-2025-11492 (9.6) and CVE-2025-11493 (8.8), reducing risk that agents configured for HTTP instead of HTTPS could expose commands, credentials, and update payloads to adversary-in-the-middle (AitM) interception or modification. The update also addressed missing checksum or digital-signature integrity verification for update packages and integrations, with cloud-based instances moved to Automate 2025.9 and on-premise administrators told to install the new release as soon as possible.
- ConnectWise fixes Automate bug allowing AiTM update attacks — www.bleepingcomputer.com — 17.10.2025 22:29
- ConnectWise fixes Automate bug allowing AiTM update attacks — www.bleepingcomputer.com — 17.10.2025 22:29
- ConnectWise Patches Critical Flaw in Automate RMM Tool — www.securityweek.com — 20.10.2025 15:31