VYPR
Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Feb 26, 2026

HTTP Configuration and Encryption in Transit

CVE-2025-11492

Description

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some communications over the HTTP channel is updated in the Automate 2025.9 patch to enforce HTTPS for all agent communications.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Connectwise/Automatellm-fuzzy2 versions
    <2025.9+ 1 more
    • (no CPE)range: <2025.9
    • (no CPE)range: All versions prior to 2025.9

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.