Vulnerability Database

299,038

Total vulnerabilities in the database

CVE-2025-11493

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by impersonating a legitimate server. This risk is mitigated when HTTPS is enforced and is related to CVE-2025-11492.

Published: Oct 16, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-11493
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-494

Affected Software
References

Software	From	Fixed in
connectwise / automate	-	2025.9

https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-2025.9-security-fix

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo