Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Feb 26, 2026
Self-Update Verification Mechanism Process in ConnectWise Automate
CVE-2025-11493
Description
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by impersonating a legitimate server. This risk is mitigated when HTTPS is enforced and is related to CVE-2025-11492.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: All versions prior to 2025.9
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.