Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code

ConnectWise has released an urgent security patch for its ScreenConnect remote access software to address a serious vulnerability that could allow attackers to execute malicious code on affected systems. However, if these machine keys are compromised through privileged system-level access, attackers could craft and send malicious ViewState data to vulnerable ScreenConnect websites, potentially achieving remote code execution on the server. “It is crucial to understand that this issue could potentially impact any product utilizing ASP.NET framework ViewStates, and ScreenConnect is not an outlier,” ConnectWise stated in its security bulletin. “Microsoft has identified over 3,000 publicly disclosed keys that could be used for these types of attacks,” noted security researchers tracking the issue. ConnectWise has released ScreenConnect version 25.2.4 on April 24, 2025, which addresses the vulnerability by disabling ViewState and removing any dependency on it. For cloud-based users on the “screenconnect.com” platform (both standalone and integrated with Automate/RMM) or “hostedrmm.com” for Automate partners, no action is required as these servers have already been updated to remediate the issue. This vulnerability follows previous critical ScreenConnect flaws from February 2024 (CVE-2024-1709 and CVE-2024-1708) that threat actors, including ransomware groups, actively exploited. According to Microsoft Threat Intelligence, attackers have been deploying malware using static ASP.NET machine keys found in publicly available repositories and documentation. While this new vulnerability operates differently, it highlights the ongoing security challenges facing remote access software in an increasingly distributed work environment. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This vulnerability follows a pattern of ViewState code injection attacks that Microsoft warned about in February 2025. Unlike previous attacks that relied on stolen keys from dark web forums, these publicly disclosed keys pose a higher risk due to their availability in multiple code repositories.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 26 Apr 2025 03:50:07 +0000

Cyber News related to Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code

ConnectWise urges ScreenConnect admins to patch critical RCE flaw - ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. This security bug is due to an authentication bypass weakness that attackers can exploit ...
1 year ago Bleepingcomputer.com

LockBit attacks continue via ConnectWise ScreenConnect flaws - Exploitation of two critical ConnectWise vulnerabilities continues to mount, with many attacks attributed to ransomware gangs such as LockBit. Last month, ConnectWise disclosed an authentication bypass vulnerability, tracked as CVE-2024-1708, that ...
1 year ago Techtarget.com CVE-2024-1708 CVE-2024-1709 LockBit

Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code - ConnectWise has released an urgent security patch for its ScreenConnect remote access software to address a serious vulnerability that could allow attackers to execute malicious code on affected systems. However, if these machine keys are compromised ...
1 month ago Cybersecuritynews.com CVE-2024-1709

Threat Brief: ConnectWise ScreenConnect Vulnerabilities - Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust ...
1 year ago Unit42.paloaltonetworks.com

Qilin Operators Mimic ScreenConnect Login Page to Deliver Ransomware & Gain Admin Access - A sophisticated ransomware attack targeted Managed Service Providers (MSPs) through well-crafted phishing emails designed to appear as authentication alerts for their ScreenConnect Remote Monitoring and Management (RMM) tool. Prior to ransomware ...
2 months ago Cybersecuritynews.com CVE-2023-27532 Qilin

Critical Security Vulnerabilities Identified in ConnectWise ScreenConnect by Gotham Security Researchers - Gotham Security, an Abacus Group company providing high-quality boutique cybersecurity services, has announced that its research team recently discovered two vulnerabilities in ConnectWise ScreenConnect, saving tens of thousands of enterprises from ...
1 year ago Itsecurityguru.org

Hackers breach healthcare orgs via ScreenConnect remote access - Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. Threat actors are leveraging local ScreenConnect instances used by Transaction Data Systems, a ...
1 year ago Bleepingcomputer.com

ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool - Enterprise IT software giant ConnectWise has released urgent patches for two critical security defects in its ScreenConnect remote desktop access product, warning there is high risk of in-the-wild exploitation. A second bug, documented as an improper ...
1 year ago Securityweek.com