Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Patch Released for ScreenConnect Flaw

April 28, 2025
Reading Time: 2 mins read
in Alerts
AI Vulnerabilities Found in Major Platforms

ConnectWise has issued an urgent patch for its ScreenConnect remote access software to address a critical vulnerability. This flaw, tracked as CVE-2025-3935, allows attackers to inject malicious code into vulnerable systems, affecting all ScreenConnect versions up to 25.2.3. Identified by security researchers, the vulnerability allows attackers to exploit the ViewState mechanism in ASP.NET Web Forms, which stores page and control states between server requests. This vulnerability has a high CVSS score of 8.1 and poses significant security risks.

The ViewState code injection attack works by compromising ASP.NET machine keys, allowing attackers to craft malicious ViewState data. Once injected, the malicious code could enable remote code execution on the server. ConnectWise has assigned the vulnerability a Priority 1 rating, indicating it is actively being targeted or highly susceptible to exploitation. This issue follows a pattern of ViewState code injection attacks and adds to growing concerns about publicly disclosed ASP.NET machine keys found in open repositories.

To mitigate the vulnerability, ConnectWise has released ScreenConnect version 25.2.4, which disables ViewState and removes its dependency. Cloud-based users on the screenconnect.com platform have already received the update, while on-premises users must upgrade manually to version 25.2.4. The company also recommends on-premises users assess their systems for any signs of compromise before reconnecting servers. If signs of compromise are detected, the company advises isolating affected servers and following incident response protocols.

This vulnerability is part of ongoing security challenges facing remote access software, following previous exploits such as CVE-2024-1709 and CVE-2024-1708. It highlights the increasing risks associated with remote access tools, especially in distributed work environments. Organizations using ScreenConnect are strongly advised to immediately apply the security patch to protect their infrastructure from potential attacks.

Reference:
  • ConnectWise Issues Urgent Patch for Critical ViewState Vulnerability in ScreenConnect
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025
HTTPBot DDoS Threat To Windows Systems

Horabot Malware Targets LatAm Via Phishing

May 15, 2025
HTTPBot DDoS Threat To Windows Systems

Google Patches Chrome Account Takeover Bug

May 15, 2025
HTTPBot DDoS Threat To Windows Systems

HTTPBot DDoS Threat To Windows Systems

May 15, 2025

Latest Alerts

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Google Patches Chrome Account Takeover Bug

Horabot Malware Targets LatAm Via Phishing

HTTPBot DDoS Threat To Windows Systems

Subscribe to our newsletter

    Latest Incidents

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    Dior Breach Exposes Asian Customer Data

    Australian Human Rights Body Files Leaked

    Nucor Cyberattack Halts Plants Networks

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial