All news with #connectwise automate tag

ConnectWise fixes Automate AiTM update attack vulnerability

🔒 ConnectWise released a security update for Automate to fix two vulnerabilities including a critical 9.6-severity flaw (CVE-2025-11492) that can cause agents to use cleartext HTTP, enabling adversary-in-the-middle (AiTM) interception or modification of commands, credentials, and update payloads. A second 8.8-severity issue (CVE-2025-11493) omits integrity verification for update packages, allowing substituted malicious files. Cloud instances are patched to release 2025.9; on-premise administrators are urged to install the update within days.