
Is Your Business at Risk? Discover the Critical Security Patch for ConnectWise ScreenConnect

How Can You Protect Your Data? Powerful Steps for the Latest ConnectWise ScreenConnect Security Fix

A severe security vulnerability has been identified in ConnectWise ScreenConnect versions 25.2.3 and earlier. This flaw, rated as high risk (CVSS 8.8), could allow attackers to execute code remotely on your server if exploited. Prompt action is essential to safeguard your systems and data.

What’s the Issue?

The vulnerability is linked to the ViewState mechanism in ASP.NET Web Forms, which ScreenConnect uses to maintain page state. Attackers who gain access to your server’s machine keys could craft malicious ViewState data, potentially leading to remote code execution. This type of attack requires privileged system-level access, but if successful, it can compromise your entire server environment.
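Why the machine keys are the whole barrier, shown as an added example (not ConnectWise or ASP.NET code): a simplified model of a MAC-protected state blob that the server round-trips through the client. The key values, the `protect`/`unprotect` names and the blob layout are constructed for illustration and do not match the real ViewState wire format.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

MAC_LEN = 32  # length of an HMAC-SHA256 tag in bytes


def protect(state: bytes, validation_key: bytes) -> str:
    """Serialize state for the client as base64(state || HMAC(key, state))."""
    tag = hmac.new(validation_key, state, hashlib.sha256).digest()
    return base64.b64encode(state + tag).decode("ascii")


def unprotect(blob: str, validation_key: bytes) -> Optional[bytes]:
    """Return the state if its MAC verifies under the server key, else None."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # malformed base64 from the client
        return None
    if len(raw) < MAC_LEN:
        return None
    state, tag = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(validation_key, state, hashlib.sha256).digest()
    return state if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    server_key = os.urandom(32)  # constructed stand-in for the machine key
    other_key = os.urandom(32)   # any key that is not the server's
    genuine = protect(b"page=Login;step=1", server_key)

    # Flip one bit of the state without knowing the key.
    raw = bytearray(base64.b64decode(genuine))
    raw[0] ^= 1
    tampered = base64.b64encode(bytes(raw)).decode("ascii")

    return {
        "genuine": unprotect(genuine, server_key) is not None,
        "tampered": unprotect(tampered, server_key) is not None,
        "wrong_key": unprotect(protect(b"x", other_key), server_key) is not None,
        # State the server never issued still verifies once the key is known,
        # so integrity rests entirely on key secrecy.
        "known_key": unprotect(protect(b"x", server_key), server_key) is not None,
    }
```

In this model the server cannot distinguish its own state from state produced by anyone else holding the key, which is why the mechanism is only as safe as the machine keys.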

Who Is Affected?

All users and administrators running on-premises installations of ScreenConnect version 25.2.3 or earlier are affected. Cloud-hosted ScreenConnect users are not affected, as ConnectWise has already applied the necessary patch to all cloud instances.

What Has ConnectWise Done?

  • Released version 25.2.4, which disables ViewState and removes its dependencies, effectively closing the vulnerability.
  • Updated all cloud-hosted servers automatically.
  • Provided a detailed security bulletin and ongoing monitoring for suspicious activity.

What Should You Do Now?

For Cloud-Hosted ScreenConnect Users

No action required. Your system has been automatically updated and is secure.

For On-Premises ScreenConnect Users

If on Active Maintenance:

  • Upgrade immediately to version 25.2.4 for the latest security, bug fixes, and enhancements.
  • Upgrade path: 22.8 → 23.3 → 25.2.4 (follow this sequence for a successful update).

If Off Maintenance:

  • Renew your maintenance agreement and upgrade to version 25.2.4 for full protection.
  • If you choose not to renew, free security patches are available for versions back to 23.9. You can upgrade to 23.9 at no cost and apply the patch.

Older Versions (Pre-23.9):

  • Upgrade to 23.9 at no additional charge, then apply the latest security patch.

How to Get Help

Stay Updated and Report Issues

  • Subscribe to the ConnectWise security bulletin RSS feed for real-time updates.
  • Report any security or privacy incidents through the ConnectWise Trust Center.

Your swift response to this urgent security update will protect your business from potential threats and ensure ongoing reliability.