CVE-2025-11492NVD

Vulnerability Summary

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications.

Severity Level

CRITICAL(9.6)

Published Date

Oct 16, 2025

Last Modified

Oct 16, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-319: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorAdjacent

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.connectwise.com/company/trust/security-bulletins/connectwise-automate-2025.9-security-fix

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-11492NVD

Vulnerability Summary

External References