Connectwise Screenconnect
Known Exploited Connectwise Screenconnect Vulnerabilities
The following Connectwise Screenconnect vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| ConnectWise ScreenConnect Improper Authentication Vulnerability | ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised. CVE-2025-3935 Exploit Probability: 15.5% | June 2, 2025 |
| ConnectWise ScreenConnect Authentication Bypass Vulnerability | ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices. CVE-2024-1709 Exploit Probability: 94.3% | February 22, 2024 |
The vulnerability CVE-2024-1709: ConnectWise ScreenConnect Authentication Bypass Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there has been 1 vulnerability in Connectwise Screenconnect, with an average score of 9.0 out of ten. Last year, in 2025, Screenconnect had 3 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.50.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 9.00 |
| 2025 | 3 | 7.50 |
| 2024 | 4 | 8.00 |
| 2023 | 1 | 9.80 |
| 2022 | 1 | 5.30 |
It may take a day or so for new Screenconnect vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Connectwise Screenconnect Security Vulnerabilities
ScreenConnect Server-Level Crypto Exposure Enables Privilege Escalation
CVE-2026-3564
9 - Critical
- March 17, 2026
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
Improper Verification of Cryptographic Signature
ScreenConnect Cert Sign Ext <=1.0.11 Exposes Encrypted Config via Client
CVE-2025-14823
5.3 - Medium
- December 18, 2025
In deployments using the ScreenConnect Certificate Signing Extension, encrypted configuration values, including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored at rest; however, an encrypted representation could be exposed in client responses. Updating the Certificate Signing Extension to version 1.0.12 or higher ensures configuration handling occurs exclusively on the server side, preventing encrypted values from being transmitted to or rendered by client-side components.
Insertion of Sensitive Information Into Sent Data
ScreenConnect <25.8 Server: Untrusted Extension Exec (CVE-2025-14265)
CVE-2025-14265
9.1 - Critical
- December 11, 2025
In versions of ScreenConnect prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of custom code on the server or unauthorized access to application configuration data. This issue affects only the ScreenConnect server component; host and guest clients are not impacted. ScreenConnect 25.8 introduces enhanced server-side configuration handling and integrity checks to ensure only trusted extensions can be installed.
Download of Code Without Integrity Check
ScreenConnect 25.2.3 ViewState Code Injection (RCE)
CVE-2025-3935
8.1 - High
- April 25, 2025
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server. The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.
Marshaling, Unmarshaling
ConnectWise ScreenConnect <23.9.7 Auth Bypass via Alternate Channel
CVE-2024-1709
10 - Critical
- February 21, 2024
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Authentication Bypass Using an Alternate Path or Channel
ConnectWise ScreenConnect 23.9.7 Path-Traversal RCE
CVE-2024-1708
8.4 - High
- February 21, 2024
ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
Directory traversal
ConnectWise ScreenConnect <=23.8.4 RCE via MITM in Messaging
CVE-2023-47257
8.1 - High
- February 01, 2024
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
Code Injection
ScreenConnect 23.8.4 Local Users Connect to Arbitrary Relay via Proxy Trust
CVE-2023-47256
5.5 - Medium
- February 01, 2024
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings.
Authentication
ConnectWise Control <=22.9.10032 Code Signing Bypass via Post-Sign Instructions
CVE-2023-25718
9.8 - Critical
- February 13, 2023
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations.
Improper Verification of Cryptographic Signature
ScreenConnect 22.6 Brute-Force on Custom Access Tokens via Rate-Limiting Flaw
CVE-2022-36781
5.3 - Medium
- September 28, 2022
ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default configuration. Attackers could exploit this vulnerability to gain unauthorized access by repeatedly attempting access code combinations. ConnectWise has addressed this issue in later versions by implementing rate-limiting controls as a preventive measure against brute force attacks.
Improper Restriction of Excessive Authentication Attempts