PT-2025-42524 · Connectwise · Connectwise Automate Agent
Published: 2025-10-16 · Updated: 2025-10-29 · CVE-2025-11493
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ConnectWise Automate Agent (affected versions not specified)
Description
The software does not fully validate the authenticity of downloaded files, including updates, dependencies, and integrations. This allows a man-in-the-middle attacker to substitute malicious files for legitimate ones by impersonating a legitimate server. The risk is present when HTTPS is not enforced.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Related Identifiers
Affected Products
Connectwise Automate Agent