CVE-2025-3935 ScreenConnect Exposure to ASP.NET ViewState Code Injection

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

CVE-2025-3935 ScreenConnect Exposure to ASP.NET ViewState Code Injection

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

CVE-2025-3935

ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys,...

ConnectWise ScreenConnect 授权问题漏洞

ConnectWise ScreenConnect is a self-hosted remote desktop software application from ConnectWise. A security vulnerability exists in ConnectWise ScreenConnect 25.2.3 and earlier versions that stems from ViewState code injection and could lead to remote code execution...

PT-2025-17934

Name of the Vulnerable Software and Affected Versions ScreenConnect versions 25.2.3 and earlier Description The issue concerns a ViewState code injection attack in ScreenConnect, which uses ASP.NET Web Forms to preserve page and control state. The data is encoded using Base64 and protected by...