ConnectWise Patches Automate Software to Block Malicious Update Attacks
ConnectWise has released a security update for its Automate remote monitoring and management (RMM) platform to address two vulnerabilities that could allow attackers to deliver malware or malicious updates disguised as legitimate software. The flaws, if exploited, could enable an adversary-in-the-middle (AiTM) attack, compromising the integrity of the update process.
The vulnerabilities center around a lack of encryption and integrity verification for update packages. According to ConnectWise, the software was “configured to use HTTP or rely on encryption, that could allow a network-based adversary to view or modify traffic or substitute malicious updates.” The second issue, tracked as CVE-2025-11493 with a severity score of 8.8, stems from a missing checksum or digital signature for update packages, dependencies, and integrations. Combined, these weaknesses would allow an attacker to impersonate a valid ConnectWise server and push malicious files.
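The two checks the paragraph above says were missing, encrypted transport and package integrity verification, can be sketched as follows. This is an added illustration, not ConnectWise code or the mechanism shipped in the fix; the URLs, package bytes and function names are constructed, and the pinned digest is assumed to reach the client through a channel the network attacker cannot alter (for example a signed manifest).

```python
import hashlib
import hmac
from urllib.parse import urlsplit


class UpdateRejected(Exception):
    """Raised when an update fails the transport or integrity check."""


def naive_update(url: str, package: bytes) -> bytes:
    """Weak pattern: any scheme, and whatever bytes arrived are installed."""
    return package


def verify_update(url: str, package: bytes, pinned_sha256: str) -> bytes:
    """Return the package only if it came over HTTPS and matches the pin."""
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        raise UpdateRejected(f"refusing non-HTTPS update URL ({scheme or 'none'})")
    actual = hashlib.sha256(package).hexdigest()
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise UpdateRejected("package digest does not match pinned value")
    return package


def check(url: str, package: bytes, pinned_sha256: str) -> str:
    """Summarise the verifier's decision for one download."""
    try:
        verify_update(url, package, pinned_sha256)
        return "accepted"
    except UpdateRejected as exc:
        return f"rejected: {exc}"


# Constructed sample data (not real update packages or servers).
GENUINE = b"constructed genuine agent update"
SUBSTITUTED = b"constructed package swapped in transit"
PINNED = hashlib.sha256(GENUINE).hexdigest()
HTTPS_URL = "https://updates.example.invalid/agent.bin"
HTTP_URL = "http://updates.example.invalid/agent.bin"

if __name__ == "__main__":
    # The naive path installs the substituted bytes without complaint.
    print("naive:", naive_update(HTTP_URL, SUBSTITUTED) == SUBSTITUTED)
    print("https + genuine:", check(HTTPS_URL, GENUINE, PINNED))
    print("http + genuine:", check(HTTP_URL, GENUINE, PINNED))
    print("https + substituted:", check(HTTPS_URL, SUBSTITUTED, PINNED))
```

A digest only helps when it is obtained separately from the download itself; a digital signature over the package or manifest removes that dependency.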
ConnectWise has already applied the fix to its cloud-based Automate instances, updating them to release 2025.9. Administrators using on-premise deployments are strongly advised to install the update “as soon as possible (within days),” according to the vendor. While no active exploitation has been reported, ConnectWise warns the vulnerabilities “have higher risk of being targeted by exploits in the wild.”
This security update arrives amid heightened scrutiny of ConnectWise’s security practices. Earlier this year, the company suffered a breach attributed to nation-state actors, impacting ScreenConnect customers and forcing a complete rotation of its digital code signing certificates. Threat actors have previously exploited critical flaws in ConnectWise products, including a recent critical bug in ScreenConnect that saw exploit code released publicly.