Unrated severityCISA KEVNVD Advisory· Published Feb 5, 2019· Updated Oct 21, 2025

CVE-2018-20753

Description

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88mitrex_refsource_MISC
helpdesk.kaseya.com/hc/en-gb/articles/360000333152mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.030
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060