CVE-2025-3935βConnectWise ScreenConnect Improper Authentication Vulnerability
PUBLISHEDvulnerability record
2025-06-02 Β· last modified June 21, 2025
Metadata
Vulnerability Name
ConnectWise ScreenConnect Improper Authentication Vulnerability
Description
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.
Known To Be Used in Ransomware Campaigns?
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.