157 matches found
CVE-2025-14265
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
CVE-2025-14265
CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...
EUVD-2025-202687
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
ConnectWise ScreenConnect 安全漏洞
ConnectWise ScreenConnect is a self-hosted remote desktop software application from ConnectWise. A security vulnerability exists in ConnectWise ScreenConnect versions prior to 25.8 that stems from insufficient validation of the extension subsystem and could lead to the execution of arbitrary code...
PT-2025-50611
Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 25.8 Description The ScreenConnect server component, in versions prior to 25.8, has insufficient server-side validation and integrity checks within its extension subsystem. This allows the installation and...
EUVD-2022-39481
Malicious code in bioql PyPI...
EUVD-2023-51388
Malicious code in bioql PyPI...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect
ScreenConnect CVE-2024-1709 Exploit Tool A Python tool to che...
AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto
Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management RMM software, to deliver a fleshless loader that drops a remote access trojan RAT called AsyncRAT to steal sensitive data from compromised...
New Fileless Malware Attack Uses AsyncRAT for Credential Theft
LevelBlue Labs reports AsyncRAT delivered through a fileless attack chain using ScreenConnect, enabling credential theft and persistence...
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management RMM executables due to security concerns. The company said it's doing so "due to concerns raised by a...
The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software allows a perpetrator to execute arbitrary code.
The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software lies in the deficiencies of the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted ViewState request...
ConnectWise ScreenConnect Improper Authentication Vulnerability
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...
VulnCheck KEV: CVE-2025-3935
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...
ConnectWise ScreenConnect < 25.2.4 RCE
According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 25.2.4. It is, therefore affected by a remote code execution vulnerability: - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection...
PT-2025-23026
Warning: High severity vulnerabilities in @Citrix XenServer VM Tools for Windows CVE-2025-27462, CVE-2025-27463, CVE-2025-27464 impact Windows VMs on XenServer 8.4 & Citrix Hypervisor 8.2 CU1 LTSR, risking sandbox escapes. Act now! Patch https://t.co/SF4q8mMyxr...
CVE-2023-47256
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings...
CVE-2023-47257
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages...