PT-2025-28899 · Connectwise · Connectwise Psa

Michael Newton · Published 2025-07-09 · Updated 2025-08-20 · CVE-2025-7204

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ConnectWise PSA versions prior to 2025.9
Description: A vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests return an overly verbose user object, which includes encrypted password hashes for other users. An attacker or privileged user could use these exposed hashes to conduct offline brute-force or dictionary attacks, potentially leading to credential compromise and privilege escalation within the system.
Recommendations: Update ConnectWise PSA to version 2025.9 or later.

Fix

LPE

Weakness Enumeration

Related Identifiers

BDU:2026-00085
CVE-2025-7204

Affected Products

Connectwise Psa