ГлавнаяУязвимости → CVE-2025-11493
8.8высокая

CVE-2025-11493

Описание

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by impersonating a legitimate server. This risk is mitigated when HTTPS is enforced and is related to CVE-2025-11492.

Затрагиваемое ПО
Connectwise Automate
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-2025.9-security-fix