← Back

CVE-2025-11493

nvd nist
Published: Oct 16, 2025Modified: Oct 29, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD

Description

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by impersonating a legitimate server. This risk is mitigated when HTTPS is enforced and is related to CVE-2025-11492.

Affected (1)

Connectwise
1 product
Automate
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Automate
Before 2025.9

Related CWEs

CWE-494
Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (1)

Source: 7d616e1a-3288-43b1-a0dd-0a65d3e70a49
Vendor Advisory

Timeline

No history available yet.