VIR Vulnerability Intelligence Relay

CVE-2025-3935

unknown KEV
Published 2025-06-02 · Modified 2025-06-02
CVSS v3
CVSS v2
VIR risk
1.5

Description

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.

CISA KEV

Vendor
ConnectWise
Product
ScreenConnect
Due date
2025-06-23

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ; https://nvd.nist.gov/vuln/detail/CVE-2025-3935

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.