ConnectWise Automate code-download integrity flaw (CVE-2025-11493)
Vulnerability
Summary
Hide ▲
Show ▼
ConnectWise Automate's CVE-2025-11493 weakens code-download integrity in RMM deployments, creating risk that attackers can tamper with downloaded code and push malicious updates in certain configurations. ConnectWise released Automate 2025.9 to patch the flaw and told on-premises users to update as soon as possible. The bug is rated CVSS 8.8, reflecting a high-severity weakness in update handling.
Related Happenings
WatchGuard Fireware OS CVE-2025-9242 advisory and temporary workaround
Advisory/Mitigation
First: 21.10.2025 13:42
Last: 21.10.2025 13:42
Sources 1
About this happening:
WatchGuard issued a **security advisory** for **Firebox** and **Fireware OS** deployments affected by **CVE-2025-9242**, adding a **temporary workaround** for sites that cannot up...
WatchGuard Fireware OS CVE-2025-9242 advisory and temporary workaround
Advisory/MitigationAbout this happening: WatchGuard issued a **security advisory** for **Firebox** and **Fireware OS** deployments affected by **CVE-2025-9242**, adding a **temporary workaround** for sites that cannot up...
ConnectWise Automate cleartext transmission flaw (CVE-2025-11492)
Vulnerability
First: 17.10.2025 22:29
Last: 17.10.2025 22:29
Sources 1
About this happening:
**CVE-2025-11492** in **ConnectWise Automate** exposes sensitive agent traffic over **HTTP**, creating **adversary-in-the-middle** risk for **commands, credentials, and update pay...
ConnectWise Automate cleartext transmission flaw (CVE-2025-11492)
VulnerabilityAbout this happening: **CVE-2025-11492** in **ConnectWise Automate** exposes sensitive agent traffic over **HTTP**, creating **adversary-in-the-middle** risk for **commands, credentials, and update pay...
Timeline
-
20.10.2025 15:31 2 articles · 7mo ago
ConnectWise patches CVE-2025-11493 in Automate 2025.9
Mitigation Patch UpdateConnectWise released Automate 2025.9 to address CVE-2025-11493, a high-severity flaw in the Automate RMM software described as a lack of integrity checks when downloading code. In certain on-premises configurations, a network-positioned attacker could tamper with agent communications or replace downloaded updates with malicious ones, so ConnectWise advises customers to install the update, enforce HTTPS for agent communications, and ensure TLS 1.2 is enabled on on-premises servers.
Show sources
- ConnectWise Patches Critical Flaw in Automate RMM Tool — www.securityweek.com — 20.10.2025 15:31
- ConnectWise Patches Critical Flaw in Automate RMM Tool — www.securityweek.com — 20.10.2025 15:31