Vulnerability Details CVE-2025-11493
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by impersonating a legitimate server. The risk is mitigated when HTTPS is enforced. This issue is related to CVE-2025-11492.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.7%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-11493
- cpe:2.3:a:connectwise:automate:-
- cpe:2.3:a:connectwise:automate:2019.12
- cpe:2.3:a:connectwise:automate:2020.0
- cpe:2.3:a:connectwise:automate:2020.7
- cpe:2.3:a:connectwise:automate:2020.8
- cpe:2.3:a:connectwise:automate:2022.10
- cpe:2.3:a:connectwise:automate:2022.11