VYPR
Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Feb 26, 2026

Self-Update Verification Mechanism Process in ConnectWise Automate

CVE-2025-11493

Description

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by impersonating a legitimate server. This risk is mitigated when HTTPS is enforced and is related to CVE-2025-11492.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Connectwise/Automatellm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: All versions prior to 2025.9

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.