ConnectWise has released patches for two critical vulnerabilities in its Automate RMM tool that could lead to man-in-the-middle attacks and tampering with updates. These fixes enforce HTTPS and TLS 1.2 to ensure secure communications, especially for on-premises deployments.
Key points
- ConnectWise Automate version 2025.9 patches two critical vulnerabilities with high severity scores.
- The CVE-2025-11492 vulnerability allows interception of sensitive data transmitted in cleartext.
- The CVE-2025-11493 flaw involves a lack of integrity checks during code downloads, risking tampering.
- An attacker on a compromised network could perform man-in-the-middle attacks to view, modify, or replace updates.
- Organizations using on-premises Automate deployments are urged to update immediately to secure communications with HTTPS and TLS 1.2.
Read More: https://www.securityweek.com/connectwise-patches-critical-flaw-in-automate-rmm-tool/